Znikające foldery na dysku d

**Posty:** 626 · przez **Tiempo** 10 Wrz 2014, 21:45

Witam, dziś rano pojawił się problem na moim laptopie - samoistnie zaczęły znikać pliki z dysku D. Zakładam, że problem pojawił się po zassaniu jakiegoś pliku z torrentów.

Pierwsze co zauważyłem, to brak folderu "Program files (x86). Ikonki gier czy też programów z puplpitu straciły swój wygląd (oczywiście te, które były zainstalowane w tym folderze). Im dalej w las, tym więcej folderów zaczęło znikać.
Opcja - pokaż/ukryj pliki/foldery - nie pomaga. Nie pomaga również ich wyszukanie - jakby nie istniały - ale miejsce na dysku D się wcale nie zmniejszyło.

Czy pomoże sam format dysku D?

System operacyjny Win 7 / antywirus AVAST - oczywiście free wersja.

Gorąco proszę o pomoc!!

Kod: Zaznacz wszystko: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-10 21:26:48 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM012_HN-M500MBB rev.2AR20002 465,76GB Running: ccmhlqji.exe; Driver: C:\Users\Maciek\AppData\Local\Temp\ugldypod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000100120460 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000100120450 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000100120370 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000100120470 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 00000001001203e0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000100120320 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 00000001001203b0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000100120390 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 00000001001202e0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 00000001001202d0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000100120310 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 00000001001203c0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 00000001001203f0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000100120230 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000100120480 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 00000001001203a0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 00000001001202f0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000100120350 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000100120290 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 00000001001202b0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 00000001001203d0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000100120330 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000100120410 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000100120240 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 00000001001201e0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000100120250 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000100120490 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 00000001001204a0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000100120300 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000100120360 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 00000001001202a0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 00000001001202c0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000100120380 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000100120340 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000100120440 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000100120260 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000100120270 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000100120400 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 00000001001201f0 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000100120210 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000100120200 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000100120420 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000100120430 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000100120220 .text C:\Windows\system32\csrss.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000100120280 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\wininit.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000100120460 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000100120450 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000100120370 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000100120470 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 00000001001203e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000100120320 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 00000001001203b0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000100120390 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 00000001001202e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 00000001001202d0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000100120310 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 00000001001203c0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 00000001001203f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000100120230 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000100120480 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 00000001001203a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 00000001001202f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000100120350 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000100120290 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 00000001001202b0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 00000001001203d0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000100120330 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000100120410 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000100120240 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 00000001001201e0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000100120250 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000100120490 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 00000001001204a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000100120300 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000100120360 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 00000001001202a0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 00000001001202c0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000100120380 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000100120340 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000100120440 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000100120260 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000100120270 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000100120400 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 00000001001201f0 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000100120210 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000100120200 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000100120420 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000100120430 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000100120220 .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000100120280 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000100040460 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000100040370 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000100040470 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000100040320 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000100040390 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000100040310 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000100040230 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000100040480 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000100040350 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000100040290 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000100040330 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000100040250 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000100040490 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000100040200 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000100040420 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000100040430 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000100040280 .text C:\Windows\system32\winlogon.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\services.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\services.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\lsass.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\svchost.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\svchost.exe[204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\AUDIODG.EXE[480] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\Dwm.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\Explorer.EXE[1332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\spoolsv.exe[1560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\hkcmd.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\taskhost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007780d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cc1401 2 bytes JMP 7781eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cc1419 2 bytes JMP 7782b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cc1431 2 bytes JMP 778a8609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cc144a 2 bytes CALL 77801dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cc14dd 2 bytes JMP 778a7efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cc14f5 2 bytes JMP 778a80d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cc150d 2 bytes JMP 778a7df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cc1525 2 bytes JMP 778a81c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cc153d 2 bytes JMP 7781f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cc1555 2 bytes JMP 7782b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cc156d 2 bytes JMP 778a86c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cc1585 2 bytes JMP 778a8222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cc159d 2 bytes JMP 778a7db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cc15b5 2 bytes JMP 7781f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cc15cd 2 bytes JMP 7782b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cc16b2 2 bytes JMP 778a8584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cc16bd 2 bytes JMP 778a7d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cc1401 2 bytes JMP 7781eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cc1419 2 bytes JMP 7782b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cc1431 2 bytes JMP 778a8609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cc144a 2 bytes CALL 77801dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cc14dd 2 bytes JMP 778a7efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cc14f5 2 bytes JMP 778a80d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cc150d 2 bytes JMP 778a7df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cc1525 2 bytes JMP 778a81c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cc153d 2 bytes JMP 7781f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cc1555 2 bytes JMP 7782b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cc156d 2 bytes JMP 778a86c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cc1585 2 bytes JMP 778a8222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cc159d 2 bytes JMP 778a7db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cc15b5 2 bytes JMP 7781f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cc15cd 2 bytes JMP 7782b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cc16b2 2 bytes JMP 778a8584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cc16bd 2 bytes JMP 778a7d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[2740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3012] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[2376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[2780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cc1401 2 bytes JMP 7781eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cc1419 2 bytes JMP 7782b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cc1431 2 bytes JMP 778a8609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cc144a 2 bytes CALL 77801dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cc14dd 2 bytes JMP 778a7efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cc14f5 2 bytes JMP 778a80d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cc150d 2 bytes JMP 778a7df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cc1525 2 bytes JMP 778a81c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cc153d 2 bytes JMP 7781f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cc1555 2 bytes JMP 7782b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cc156d 2 bytes JMP 778a86c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cc1585 2 bytes JMP 778a8222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cc159d 2 bytes JMP 778a7db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cc15b5 2 bytes JMP 7781f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cc15cd 2 bytes JMP 7782b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cc16b2 2 bytes JMP 778a8584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cc16bd 2 bytes JMP 778a7d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\SearchIndexer.exe[3188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wbem\wmiprvse.exe[3516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3672] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[4392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b5ff60 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b5ffb0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b60110 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b60160 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b60170 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b60220 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b60250 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b60270 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b602b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b60330 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b60350 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b60390 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b603e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b60540 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b60700 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b60730 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b60810 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b60820 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b60880 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b60910 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b60930 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b60940 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b609b0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b609e0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b60ca0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b60d60 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b60d90 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b60da0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b60dd0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b60de0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b60e40 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b60e90 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b60ec0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b60ed0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b611c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b613c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b613d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b613e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b615a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b615b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b61620 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b61680 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b61690 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b616a0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b61780 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3164] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] .text D:\ccmhlqji.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007782b0c5 1 byte [62] ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4588:4936] 000007fefc062a74 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4588:4712] 000007fefb185124 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4016:1160] 0000000075c57587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4016:4192] 0000000064790cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4016:4440] 0000000077d51c7f Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4016:1108] 0000000077d52c91 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4016:1772] 0000000077d52c91 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4016:2612] 0000000077d52c91 Thread C:\Windows\System32\svchost.exe [3828:1800] 000007fef1f09688 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [2668](2011-03-14 15:27:34) 000000013fcb0000 Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2852] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2011-03-14 15:27:28) 0000000000400000 Process C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2376](2013-12-20 11:47:43) 0000000000400000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2376](2013-12-20 11:47:43) 000000006fbc0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2376](2013-12-20 11:47:43) 000000006e940000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2376](2013-12-20 11:47:43) 000000006a1c0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2376](2013-12-20 11:47:43) 000000006ff00000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2376](2013-12-20 11:47:43) 000000006efc0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2376](2013-12-20 11:47:43) 000000006ed40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24fd52db5e6a Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24fd52db5e6a (not active ControlSet) ---- EOF - GMER 2.1 ----

Kod: Zaznacz wszystko: OTL logfile created on: 2014-09-10 21:32:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ 64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,87 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,32% Memory free 7,74 Gb Paging File | 5,54 Gb Available in Paging File | 71,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 30,21 Gb Total Space | 0,38 Gb Free Space | 1,27% Space Free | Partition Type: NTFS Drive D: | 433,59 Gb Total Space | 85,98 Gb Free Space | 19,83% Space Free | Partition Type: NTFS Computer Name: MACIEJ | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-09-10 21:30:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL_[www.programosy.pl].exe PRC - [2014-09-10 11:27:39 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014-09-10 11:27:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014-09-10 11:27:02 | 000,106,488 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2014-09-09 23:53:28 | 001,870,000 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe PRC - [2014-07-29 23:03:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-07-02 10:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2013-03-01 11:25:24 | 000,552,960 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE PRC - [2012-09-22 04:32:40 | 000,655,744 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2011-03-14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-09-10 11:27:17 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014-09-10 11:27:17 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll MOD - [2014-09-09 23:53:28 | 016,825,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll MOD - [2014-07-29 23:03:33 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-09-10 11:27:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2014-09-10 11:27:02 | 000,106,488 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:[b]64bit:[/b] - [2013-04-18 18:15:18 | 003,388,144 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:[b]64bit:[/b] - [2013-04-18 18:14:58 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2013-04-18 18:14:46 | 000,621,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2013-04-18 18:14:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2013-04-11 02:12:50 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:[b]64bit:[/b] - [2012-09-12 18:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2014-09-09 23:53:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-07-29 23:03:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-04-24 09:56:11 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012-10-15 19:01:28 | 000,219,776 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012-09-22 04:32:40 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2012-06-11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011-03-14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-09-10 21:07:35 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:[b]64bit:[/b] - [2014-09-10 11:27:38 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:[b]64bit:[/b] - [2014-09-10 11:27:18 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2014-09-10 11:27:05 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b]64bit:[/b] - [2014-09-10 11:27:02 | 000,448,400 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt) DRV:[b]64bit:[/b] - [2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:[b]64bit:[/b] - [2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2013-04-22 20:15:16 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2013-04-18 02:02:32 | 005,358,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2013-04-11 02:13:08 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:[b]64bit:[/b] - [2013-04-11 02:13:08 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:[b]64bit:[/b] - [2013-03-25 01:39:06 | 003,884,032 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2013-03-01 11:26:40 | 001,045,248 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs) DRV:[b]64bit:[/b] - [2013-01-15 18:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2012-10-15 19:02:04 | 000,551,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2012-10-15 19:02:04 | 000,281,728 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,104,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:[b]64bit:[/b] - [2012-07-17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012-06-11 12:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2011-05-13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:[b]64bit:[/b] - [2011-05-13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:[b]64bit:[/b] - [2011-05-13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:[b]64bit:[/b] - [2011-05-13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:[b]64bit:[/b] - [2011-05-13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:[b]64bit:[/b] - [2010-07-27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2010-03-20 06:06:58 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:[b]64bit:[/b] - [2009-08-21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum) DRV:[b]64bit:[/b] - [2009-07-14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009-07-14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=429&systemid=406&v=n11099-232&apn_uid=5755043044834564&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=429&systemid=406&v=n11099-232&apn_uid=5755043044834564&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-429&v=n11099-232&t=4 IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=429&systemid=406&v=n11099-232&apn_uid=5755043044834564&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0 FF - prefs.js..keyword.URL: "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=429&systemid=406&v=n11099-232&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5755043044834564&o=APN10645&q=" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Maciek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10 11:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-10-26 21:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\Extensions [2014-07-23 23:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\Firefox\Profiles\sfpo8za2.default\extensions [2014-07-05 00:18:06 | 000,178,984 | ---- | M] () (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\firefox\profiles\sfpo8za2.default\extensions\p24ext@przelewy24.pl.xpi [2014-07-23 23:14:13 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\firefox\profiles\sfpo8za2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-19 21:31:35 | 000,002,664 | ---- | M] () -- C:\Users\Maciek\AppData\Roaming\mozilla\firefox\profiles\sfpo8za2.default\searchplugins\Ask.xml [2014-07-29 23:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014-07-29 23:03:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\athbttray.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\btvstack.exe (Atheros Communications) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000..\Run: [iLivid] "C:\Users\Maciek\AppData\Local\iLivid\iLivid.exe" -autorun File not found O4 - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000..\Run: [uTorrent] C:\Users\Maciek\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0257086E-FE9D-4E99-9A99-C37B0947DD7B}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51341E08-E294-4832-8259-3ED22EC5CCAB}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A2C3012-7AC3-43A1-8445-D09FAFCDBBE0}: DhcpNameServer = 212.2.96.51 212.2.96.52 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A371D93F-A930-4081-9559-19D03390AA40}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA128F88-88BC-401D-BC80-3541B42C75BC}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\x64\mgrldr.dll) - File not found O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:[b]64bit:[/b] - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{00f9c45f-696c-11e3-a502-24fd52db140a}\Shell - "" = AutoRun O33 - MountPoints2\{00f9c45f-696c-11e3-a502-24fd52db140a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{00f9c473-696c-11e3-a502-24fd52db140a}\Shell - "" = AutoRun O33 - MountPoints2\{00f9c473-696c-11e3-a502-24fd52db140a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{054f1d00-42ed-11e3-a580-24fd52db5e6a}\Shell - "" = AutoRun O33 - MountPoints2\{054f1d00-42ed-11e3-a580-24fd52db5e6a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{0717b077-8a95-11e3-a9f8-24fd52db5e6a}\Shell - "" = AutoRun O33 - MountPoints2\{0717b077-8a95-11e3-a9f8-24fd52db5e6a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0717b08e-8a95-11e3-a9f8-24fd52db5e6a}\Shell - "" = AutoRun O33 - MountPoints2\{0717b08e-8a95-11e3-a9f8-24fd52db5e6a}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe O33 - MountPoints2\{14145deb-917f-11e3-85e4-24fd52db5e6a}\Shell - "" = AutoRun O33 - MountPoints2\{14145deb-917f-11e3-85e4-24fd52db5e6a}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE O33 - MountPoints2\{17936c74-8bf6-11e3-8530-24fd52db5e6a}\Shell - "" = AutoRun O33 - MountPoints2\{17936c74-8bf6-11e3-8530-24fd52db5e6a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{442ff60d-f911-11e3-92e2-24fd52db5e6a}\Shell - "" = AutoRun O33 - MountPoints2\{442ff60d-f911-11e3-92e2-24fd52db5e6a}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe O33 - MountPoints2\{932a23f0-a143-11e3-87ac-24fd52db5e6a}\Shell - "" = AutoRun O33 - MountPoints2\{932a23f0-a143-11e3-87ac-24fd52db5e6a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-09-10 11:32:20 | 000,000,000 | ---D | C] -- C:\FIFA 14 [2014-09-10 11:31:55 | 000,000,000 | ---D | C] -- C:\Gdansk [2014-09-10 11:27:26 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2014-09-10 11:27:18 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014-09-10 11:27:02 | 000,448,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys [2014-09-10 11:10:30 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014-09-10 11:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014-09-10 11:10:13 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014-09-10 11:10:13 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014-09-10 11:10:13 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014-09-10 11:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014-09-10 11:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014-09-10 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor [2014-09-10 10:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rFactor [2014-09-09 23:14:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014-09-09 23:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS [2014-09-09 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Documents\F1 Challenge 99-02 [2014-09-09 20:42:46 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Documents\FIFA 15 Demo [2014-09-09 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Demo [2014-09-09 20:37:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2014-09-09 20:35:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2014-09-09 20:35:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2014-09-09 20:35:43 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2014-09-09 20:35:42 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2014-09-09 20:35:42 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2014-09-09 20:35:42 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2014-09-09 20:35:42 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2014-09-09 20:35:42 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2014-09-09 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\Origin [2014-09-09 17:21:03 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\2K Games [2014-09-09 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2014-09-08 11:06:58 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\Asics [2014-08-27 21:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014-08-18 11:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2014-08-18 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Documents\My Games [2014-08-18 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2014-08-18 11:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound [2014-08-18 11:14:16 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll [2014-08-18 11:14:16 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll [2014-08-18 11:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS [2014-08-18 11:14:12 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2014-08-18 11:14:12 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2014-08-18 11:14:12 | 000,122,968 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2014-08-18 11:14:12 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2014-08-18 11:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2014-08-18 11:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2014-08-18 11:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2014-08-18 11:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\Maciek\Desktop\*.tmp files -> C:\Users\Maciek\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-09-10 21:07:35 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014-09-10 21:06:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-09-10 21:06:35 | 3118,084,096 | -HS- | M] () -- C:\hiberfil.sys [2014-09-10 11:35:30 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-09-10 11:35:30 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-09-10 11:33:27 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-09-10 11:33:27 | 000,697,912 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-09-10 11:33:27 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-09-10 11:33:27 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-09-10 11:33:27 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-09-10 11:28:13 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014-09-10 11:27:38 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys [2014-09-10 11:27:19 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys [2014-09-10 11:27:19 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014-09-10 11:27:19 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014-09-10 11:27:19 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2014-09-10 11:27:19 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014-09-10 11:27:19 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014-09-10 11:27:19 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-09-10 11:27:18 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014-09-10 11:27:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014-09-10 11:27:05 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2014-09-10 11:27:02 | 000,448,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys [2014-09-10 11:10:16 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014-09-10 09:53:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-09-09 23:53:28 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-09-09 23:53:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-09-09 23:03:05 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\F1 Challenge 99-02.lnk [2014-09-09 22:59:47 | 000,000,548 | ---- | M] () -- C:\Windows\eReg.dat [2014-09-09 22:52:39 | 000,446,472 | ---- | M] () -- C:\Users\Maciek\Desktop\12910869bf0a061ed29d8fa99800a1f3.jpg [2014-09-09 20:37:56 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 15 Demo.lnk [2014-09-09 19:39:05 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2014-09-09 17:18:04 | 000,000,822 | ---- | M] () -- C:\Users\Maciek\Desktop\Play Mafia II.lnk [2014-08-18 11:14:12 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2014-08-18 11:14:12 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2014-08-18 11:14:12 | 000,122,968 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2014-08-18 11:14:12 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\Maciek\Desktop\*.tmp files -> C:\Users\Maciek\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-09-10 11:28:13 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014-09-10 11:10:16 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014-09-09 23:03:05 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\F1 Challenge 99-02.lnk [2014-09-09 22:59:47 | 000,000,548 | ---- | C] () -- C:\Windows\eReg.dat [2014-09-09 22:52:38 | 000,446,472 | ---- | C] () -- C:\Users\Maciek\Desktop\12910869bf0a061ed29d8fa99800a1f3.jpg [2014-09-09 20:37:56 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 15 Demo.lnk [2014-09-09 19:39:05 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2014-09-09 17:18:04 | 000,000,822 | ---- | C] () -- C:\Users\Maciek\Desktop\Play Mafia II.lnk [2014-07-23 23:37:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2014-07-23 23:37:14 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014-05-24 10:33:55 | 000,000,007 | ---- | C] () -- C:\Users\Maciek\AppData\Local\2736282159__4_32_16.dll [2014-05-24 00:42:39 | 000,000,003 | ---- | C] () -- C:\Users\Maciek\AppData\Local\2739282159__4_32_16.dll [2014-05-23 23:48:18 | 000,000,007 | ---- | C] () -- C:\Users\Maciek\AppData\Local\2636080169__4_32_16.dll [2014-04-10 22:28:00 | 000,707,504 | ---- | C] () -- C:\Users\Maciek\AppData\Local\unins000.exe [2014-04-10 22:28:00 | 000,011,761 | ---- | C] () -- C:\Users\Maciek\AppData\Local\unins000.msg [2014-04-10 22:28:00 | 000,003,178 | ---- | C] () -- C:\Users\Maciek\AppData\Local\unins000.dat [2013-11-09 17:55:53 | 000,000,000 | ---- | C] () -- C:\Users\Maciek\pwx2tcx.ini [2013-10-26 21:50:08 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013-10-26 21:49:38 | 000,001,677 | ---- | C] () -- C:\Windows\vm331Rmv.ini [2013-10-26 21:49:38 | 000,001,677 | ---- | C] () -- C:\Windows\SysWow64\vm331Rmv.ini [2013-10-26 21:41:25 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2013-10-26 21:41:25 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2013-10-26 21:41:25 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014-01-03 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\(94-20-53-2A-3E-9F) [2014-01-03 14:28:39 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\(B0-35-8D-72-56-2B) [2013-10-27 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\AVAST Software [2014-03-31 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\DAEMON Tools Lite [2013-11-13 08:33:23 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Draco Organizer [2014-04-10 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\e-Deklaracje [2014-04-10 23:24:08 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2014-07-16 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\EurekaLog [2013-11-08 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\GameRanger [2013-12-30 16:19:28 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\GHISLER [2014-06-01 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\ImgBurn [2013-10-26 23:41:06 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\NapiProjekt [2014-06-05 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Nokia [2014-07-05 00:18:24 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Origin [2014-02-24 11:57:04 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\PC Suite [2013-10-30 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Sports Interactive [2014-04-10 22:25:42 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Unity [2014-09-10 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2014-09-10 21:32:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ 64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,87 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,32% Memory free 7,74 Gb Paging File | 5,54 Gb Available in Paging File | 71,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 30,21 Gb Total Space | 0,38 Gb Free Space | 1,27% Space Free | Partition Type: NTFS Drive D: | 433,59 Gb Total Space | 85,98 Gb Free Space | 19,83% Space Free | Partition Type: NTFS Computer Name: MACIEJ | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3217036906-3807751147-4277946841-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "D:\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "D:\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "D:\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "D:\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{312F344F-1C98-4F79-8CE8-BCAA63190BB0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{055CBA91-F5E8-4AE9-B69C-BE115936E8D5}" = protocol=17 | dir=in | app=c:\users\maciek\appdata\roaming\utorrent\utorrent.exe | "{1DEB95E4-8FAA-4BE5-9BEB-421ABD88D691}" = protocol=6 | dir=in | app=d:\napiprojekt\napisy.exe | "{22A51985-7433-4D12-93A3-A37B33C7D9BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2D4292F4-3D4A-4B39-9CB6-0DC21A17B61E}" = protocol=6 | dir=in | app=d:\aoe\age of empires ii\age2_x1\age2_x2.exe | "{3878828D-D441-4D72-98DB-B2FFEAFB0E53}" = dir=in | app=c:\users\maciek\appdata\local\torch\application\torch.exe | "{397AD0CF-27BE-45C4-AE68-4E9E90154CCF}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{3E2CC55B-582E-408E-8E46-7C68992C7B4B}" = protocol=6 | dir=in | app=c:\users\maciek\appdata\roaming\utorrent\utorrent.exe | "{476067DD-BEC4-46D9-99BC-10696D7FB64E}" = protocol=17 | dir=in | app=c:\users\maciek\appdata\roaming\utorrent\utorrent.exe | "{5765CCA2-9C8F-473A-B065-48EF7BDD13C7}" = protocol=17 | dir=in | app=d:\aoe\age of empires ii\age2_x1\age2_x2.exe | "{59170A67-B77D-4C33-AC6E-6EF569B00126}" = protocol=17 | dir=in | app=d:\napiprojekt\napisy.exe | "{5B54A7F6-C31F-48E2-AB5C-21A3B143CA04}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{80EB7ADF-45A5-449C-9AEE-A8F14F9732C2}" = protocol=6 | dir=in | app=c:\users\maciek\appdata\roaming\utorrent\utorrent.exe | "{92D5ADE9-1505-461C-8246-2B31C7FA2A27}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa 15 demo\fifasetup\fifaconfig.exe | "{9D857A22-8C19-4BFD-91E4-0DA58E4E8740}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{CA8087C9-85DF-4B35-B712-00E7296DCDEF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{CFFB776E-8CE4-4105-91F5-0E6CDEC31443}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{DFE0F7AB-E226-41D8-9B25-1421CB2F1ED3}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa 15 demo\fifasetup\fifaconfig.exe | "{E70DF864-2562-4554-9631-5A56A043F337}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EF51FCC3-6EA2-4B56-BE0E-503417740068}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "TCP Query User{06694A07-46AA-4752-B404-2A6056090163}D:\nowy folder\racer\racer_nocg.exe" = protocol=6 | dir=in | app=d:\nowy folder\racer\racer_nocg.exe | "TCP Query User{2186212E-0E7E-409D-9433-8008248D6AF7}D:\lfs\lfs.exe" = protocol=6 | dir=in | app=d:\lfs\lfs.exe | "TCP Query User{22EF3344-FEC5-4F80-874D-79963AFCBDF9}D:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\atari\tdu2\uplauncher.exe | "TCP Query User{27CFF96F-A77F-45C5-AB77-70220729A2D9}D:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\atari\tdu2\uplauncher.exe | "TCP Query User{2E97BDDF-C5F4-4FC4-9620-B8F808D9C4FB}D:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe" = protocol=6 | dir=in | app=d:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe | "TCP Query User{4B13AF8B-3BEE-4BCD-83CD-EFEBFF266083}D:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\atari\tdu2\testdrive2.exe | "TCP Query User{4E96C6F1-D73F-4D8E-8462-FCD67F2CAE79}D:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe | "TCP Query User{579E35F0-D235-4839-AC69-085A5C3271AB}D:\nowy folder\racer084\racer\racer.exe" = protocol=6 | dir=in | app=d:\nowy folder\racer084\racer\racer.exe | "TCP Query User{6972081B-327A-4698-93F9-9696D74A5609}D:\nowy folder\racer\racer.exe" = protocol=6 | dir=in | app=d:\nowy folder\racer\racer.exe | "TCP Query User{8ADB6063-53D6-4EA3-8682-5B4461383C31}D:\aoe\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=d:\aoe\age of empires ii\empires2.exe | "TCP Query User{93EAE062-65F3-4061-B8F7-66C232949C19}D:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe | "TCP Query User{98E8831D-188A-4331-9852-D1540C351F4E}D:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\atari\tdu2\testdrive2.exe | "TCP Query User{9AC7F357-5B86-4868-8B73-10EB99F22A4B}D:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\atari\tdu2\_uplauncher.exe | "TCP Query User{A4B020B8-841D-434B-B7D6-331A53BA9AE4}D:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe | "TCP Query User{A5773065-12D8-4D84-A2CF-E1498168AEC6}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{B4824259-99C5-4BBA-9D78-65672B7497DB}C:\users\maciek\downloads\offline-launcher.exe" = protocol=6 | dir=in | app=c:\users\maciek\downloads\offline-launcher.exe | "TCP Query User{DA284D12-73F0-4CFD-8016-B56945C09531}D:\nowy folder\racer0.9.0_rc8\racer\racer.exe" = protocol=6 | dir=in | app=d:\nowy folder\racer0.9.0_rc8\racer\racer.exe | "TCP Query User{DBF12545-2096-4322-8E56-88DDC0FA796D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{EF2FE238-BE91-4B3D-9A21-690B463F2C7F}D:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe" = protocol=6 | dir=in | app=d:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe | "UDP Query User{012A3676-C247-448C-92DF-64D5204F8B5A}D:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\atari\tdu2\uplauncher.exe | "UDP Query User{08B92409-B2B5-4CFA-A3F3-50232C06C7AC}D:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe | "UDP Query User{08C71EA2-1A78-4200-B209-BE005725CA72}D:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe" = protocol=17 | dir=in | app=d:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe | "UDP Query User{324280DC-6CE5-4BAA-ADDE-8409CC0E7150}D:\aoe\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=d:\aoe\age of empires ii\empires2.exe | "UDP Query User{3BA2EF4D-D5B7-4165-A4FE-FAB51B7F4B82}D:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\atari\tdu2\_uplauncher.exe | "UDP Query User{54514806-D9B5-485A-8757-D6D5F217379C}D:\nowy folder\racer0.9.0_rc8\racer\racer.exe" = protocol=17 | dir=in | app=d:\nowy folder\racer0.9.0_rc8\racer\racer.exe | "UDP Query User{5BD27FAC-16BF-49E3-8E50-5B24A1C7D5A3}D:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe | "UDP Query User{60564106-CBED-4EB8-A50D-778374DCE78F}D:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\atari\tdu2\testdrive2.exe | "UDP Query User{7252FBF8-42C8-45C2-B500-F7BB50D61AC7}C:\users\maciek\downloads\offline-launcher.exe" = protocol=17 | dir=in | app=c:\users\maciek\downloads\offline-launcher.exe | "UDP Query User{78C4CEDD-1D73-475E-A57A-F90F192B398F}D:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe" = protocol=17 | dir=in | app=d:\fifa.14-ultimiate.edition-skidrowcrack\fifa 14\game\fifa14.exe | "UDP Query User{7A63F714-EDAA-4650-B449-F78180B3953F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{9399B98B-92CE-487E-B4F7-13F64A8F621C}D:\nowy folder\racer084\racer\racer.exe" = protocol=17 | dir=in | app=d:\nowy folder\racer084\racer\racer.exe | "UDP Query User{A25D5AFD-2111-4FFE-A7BE-144E990D00F1}D:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\atari\tdu2\uplauncher.exe | "UDP Query User{A9696A67-5065-4CC4-B84B-8AD89C974AFF}D:\lfs\lfs.exe" = protocol=17 | dir=in | app=d:\lfs\lfs.exe | "UDP Query User{D313EBD0-70B1-4F88-B955-213A74D93545}D:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\atari\tdu2\testdrive2.exe | "UDP Query User{E0C859CE-F178-4640-A9AE-DF7203A86545}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{EA273A38-AF68-4A1C-AD6A-540B10B67CD2}D:\nowy folder\racer\racer_nocg.exe" = protocol=17 | dir=in | app=d:\nowy folder\racer\racer_nocg.exe | "UDP Query User{F7306DB6-538A-4F3D-BFBB-6B9ED1F0F002}D:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe | "UDP Query User{FD9E6AA8-D93B-4C63-9869-C4523614039B}D:\nowy folder\racer\racer.exe" = protocol=17 | dir=in | app=d:\nowy folder\racer\racer.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EAE3FBF-E39F-4B65-ACEE-560A16CD1F44}" = Intel(R) PROSet/Wireless WiFi Software Driver "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64) "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B0169FD6-8590-451E-AEFF-A6253C0A850C}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{E7EBB2A5-8C76-4C16-95A3-2FC74BEDE270}" = Intel® PROSet/Wireless WiFi Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Totalcmd64" = Total Commander 64-bit (Remove or Repair) "WinRAR archiver" = WinRAR 5.00 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3 "{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR "{108C0C19-6316-4944-A62F-C744488F8639}" = EA SPORTS™ FIFA 15 Demo "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51 "{2AC22CBC-1E34-4942-BC27-890E5DD3F8BC}}_is1" = New Star GP 1.25 DEMO "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE}" = F1 Challenge 99-02 "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{705216C1-BA52-4B16-AFE4-4143B340D62D}" = System Requirements Lab CYRI "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18 "{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{913E2B02-1BA9-4B38-991B-31C717F9D00C}" = e-Deklaracje Desktop "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Polish "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{BF436CD1-67D6-4849-8C09-AE87197A0A64}" = TrainingPeaks Device Agent "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{e6d17d96-ddaa-476f-bb07-db601024ffb1}" = Oprogramowanie Intel® PROSet/Wireless "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin "Avast" = avast! Internet Security "e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop "ENTERPRISE" = Microsoft Office Enterprise 2007 "Heroes of Might and Magic III - Złota Edycja_is1" = Heroes of Might and Magic III - Złota Edycja "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.5 Full "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.0.2.1012 "Mobile Partner" = Mobile Partner "Mozilla Firefox 31.0 (x86 pl)" = Mozilla Firefox 31.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt (2.2.0.2399) "OpenAL" = OpenAL "Origin" = Origin "rFactor" = rFactor (remove only) "SopCast" = SopCast 3.8.3 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3217036906-3807751147-4277946841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player "uTorrent" = µTorrent [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-09-10 05:23:08 | Computer Name = Maciej | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error - 2014-09-10 05:29:11 | Computer Name = Maciej | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Pomijanie: nie można zweryfikować Eap method DLL path name. Błąd: identyfikator typu=17, identyfikator autora=9, identyfikator dostawcy=0, typ dostawcy=0 Error - 2014-09-10 05:29:11 | Computer Name = Maciej | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Pomijanie: nie można zweryfikować Eap method DLL path name. Błąd: identyfikator typu=25, identyfikator autora=9, identyfikator dostawcy=0, typ dostawcy=0 Error - 2014-09-10 05:29:11 | Computer Name = Maciej | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Pomijanie: nie można zweryfikować Eap method DLL path name. Błąd: identyfikator typu=43, identyfikator autora=9, identyfikator dostawcy=0, typ dostawcy=0 Error - 2014-09-10 05:29:15 | Computer Name = Maciej | Source = Software Protection Platform Service | ID = 8198 Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x80070005 Error - 2014-09-10 05:29:15 | Computer Name = Maciej | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error - 2014-09-10 15:06:42 | Computer Name = Maciej | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Pomijanie: nie można zweryfikować Eap method DLL path name. Błąd: identyfikator typu=17, identyfikator autora=9, identyfikator dostawcy=0, typ dostawcy=0 Error - 2014-09-10 15:06:42 | Computer Name = Maciej | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Pomijanie: nie można zweryfikować Eap method DLL path name. Błąd: identyfikator typu=25, identyfikator autora=9, identyfikator dostawcy=0, typ dostawcy=0 Error - 2014-09-10 15:06:42 | Computer Name = Maciej | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Pomijanie: nie można zweryfikować Eap method DLL path name. Błąd: identyfikator typu=43, identyfikator autora=9, identyfikator dostawcy=0, typ dostawcy=0 Error - 2014-09-10 15:06:44 | Computer Name = Maciej | Source = Software Protection Platform Service | ID = 8198 Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x80070005 Error - 2014-09-10 15:06:44 | Computer Name = Maciej | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. [ OSession Events ] Error - 2014-05-12 13:30:21 | Computer Name = Maciej | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7823 seconds with 4200 seconds of active time. This session ended with a crash. Error - 2014-05-23 18:22:32 | Computer Name = Maciej | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1795 seconds with 360 seconds of active time. This session ended with a crash. [ System Events ] Error - 2014-09-10 05:20:13 | Computer Name = Maciej | Source = Service Control Manager | ID = 7001 Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2014-09-10 05:20:13 | Computer Name = Maciej | Source = Service Control Manager | ID = 7001 Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2014-09-10 05:22:29 | Computer Name = Maciej | Source = DCOM | ID = 10005 Description = Error - 2014-09-10 05:23:17 | Computer Name = Maciej | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Mobile Partner. OUC. Error - 2014-09-10 05:23:17 | Computer Name = Maciej | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Mobile Partner. OUC z powodu następującego błędu: %%1053 Error - 2014-09-10 05:29:53 | Computer Name = Maciej | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Mobile Partner. OUC. Error - 2014-09-10 05:29:53 | Computer Name = Maciej | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Mobile Partner. OUC z powodu następującego błędu: %%1053 Error - 2014-09-10 05:35:11 | Computer Name = Maciej | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2014-09-10 15:07:04 | Computer Name = Maciej | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Mobile Partner. OUC. Error - 2014-09-10 15:07:04 | Computer Name = Maciej | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Mobile Partner. OUC z powodu następującego błędu: %%1053 < End of report >

**Posty:** 4765 · przez **ordynat** 11 Wrz 2014, 09:16

Nie widzę tu żadnej infekcji.

Są ślady szkodliwych sponsorskich śmieci.
1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner[S].txt.

2) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2014-01-03 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\(94-20-53-2A-3E-9F)
[2014-01-03 14:28:39 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\(B0-35-8D-72-56-2B)
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\x64\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found
O4 - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000..\Run: [iLivid] "C:\Users\Maciek\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
FF - prefs.js..keyword.URL: "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=429&systemid=406&v=n11099-232&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5755043044834564&o=APN10645&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-429&v=n11099-232&t=4

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-21-3217036906-3807751147-4277946841-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
.

**Posty:** 626 · przez **Tiempo** 11 Wrz 2014, 23:10

Bardzo dziękuję za poświęcony czas.

Tutaj raport po użyciu skryptu:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== C:\Users\Maciek\AppData\Roaming\(94-20-53-2A-3E-9F)\telecom folder moved successfully. C:\Users\Maciek\AppData\Roaming\(94-20-53-2A-3E-9F)\SIM1\telecom folder moved successfully. C:\Users\Maciek\AppData\Roaming\(94-20-53-2A-3E-9F)\SIM1 folder moved successfully. C:\Users\Maciek\AppData\Roaming\(94-20-53-2A-3E-9F) folder moved successfully. C:\Users\Maciek\AppData\Roaming\(B0-35-8D-72-56-2B)\telecom folder moved successfully. C:\Users\Maciek\AppData\Roaming\(B0-35-8D-72-56-2B) folder moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe\ not found. File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe\ not found. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\movies~1\datamngr\x64\mgrldr.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\movies~1\datamngr\mgrldr.dll deleted successfully. Registry value HKEY_USERS\S-1-5-21-3217036906-3807751147-4277946841-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Prefs.js: "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=429&systemid=406&v=n11099-232&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5755043044834564&o=APN10645&q=" removed from keyword.URL Prefs.js: "Ask.com" removed from browser.search.order.1 HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully. Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\ not found. Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully. Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-3217036906-3807751147-4277946841-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 57311 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Maciek ->Temp folder emptied: 135488688 bytes ->Temporary Internet Files folder emptied: 390111946 bytes ->Java cache emptied: 6857584 bytes ->FireFox cache emptied: 25452298 bytes ->Flash cache emptied: 249383 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1619120 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 160541748 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50668 bytes RecycleBin emptied: 1073741824 bytes Total Files Cleaned = 1 711,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 09112014_225450 Files\Folders moved on Reboot... File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot. File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot. C:\Users\Maciek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...

oraz ten po skanowaniu:

Kod: Zaznacz wszystko: OTL logfile created on: 2014-09-11 23:02:40 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ 64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,87 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 53,66% Memory free 7,74 Gb Paging File | 5,75 Gb Available in Paging File | 74,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 30,21 Gb Total Space | 3,38 Gb Free Space | 11,18% Space Free | Partition Type: NTFS Drive D: | 433,59 Gb Total Space | 90,26 Gb Free Space | 20,82% Space Free | Partition Type: NTFS Drive E: | 4,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MACIEJ | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-09-10 21:30:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL_[www.programosy.pl].exe PRC - [2014-09-10 11:27:39 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014-09-10 11:27:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014-09-10 11:27:02 | 000,106,488 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2014-07-29 23:03:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014-07-02 11:01:08 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\Maciek\AppData\Roaming\uTorrent\uTorrent.exe PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-03-01 11:25:24 | 000,552,960 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE PRC - [2012-09-22 04:32:40 | 000,655,744 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2011-03-14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-09-10 11:27:17 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014-09-10 11:27:17 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll MOD - [2014-07-29 23:03:33 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-12-20 08:42:20 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp331.ax [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-09-10 11:27:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2014-09-10 11:27:02 | 000,106,488 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:[b]64bit:[/b] - [2013-04-18 18:15:18 | 003,388,144 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:[b]64bit:[/b] - [2013-04-18 18:14:58 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2013-04-18 18:14:46 | 000,621,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2013-04-18 18:14:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2013-04-11 02:12:50 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:[b]64bit:[/b] - [2012-09-12 18:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2014-09-09 23:53:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-07-29 23:03:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-04-24 09:56:11 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012-10-15 19:01:28 | 000,219,776 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012-09-22 04:32:40 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2012-06-11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011-03-14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-09-11 22:57:09 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\48230029.sys -- (MBAMSwissArmy) DRV:[b]64bit:[/b] - [2014-09-11 08:31:08 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37) DRV:[b]64bit:[/b] - [2014-09-10 11:27:38 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2014-09-10 11:27:19 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:[b]64bit:[/b] - [2014-09-10 11:27:18 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2014-09-10 11:27:05 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b]64bit:[/b] - [2014-09-10 11:27:02 | 000,448,400 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt) DRV:[b]64bit:[/b] - [2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:[b]64bit:[/b] - [2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2013-04-22 20:15:16 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2013-04-18 02:02:32 | 005,358,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2013-04-11 02:13:08 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:[b]64bit:[/b] - [2013-04-11 02:13:08 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:[b]64bit:[/b] - [2013-03-25 01:39:06 | 003,884,032 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2013-03-01 11:26:40 | 001,045,248 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs) DRV:[b]64bit:[/b] - [2013-01-15 18:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2012-10-15 19:02:04 | 000,551,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2012-10-15 19:02:04 | 000,281,728 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2012-10-15 19:01:58 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,104,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV:[b]64bit:[/b] - [2012-08-20 02:55:56 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:[b]64bit:[/b] - [2012-07-17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012-06-11 12:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2011-05-13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:[b]64bit:[/b] - [2011-05-13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:[b]64bit:[/b] - [2011-05-13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:[b]64bit:[/b] - [2011-05-13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:[b]64bit:[/b] - [2011-05-13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:[b]64bit:[/b] - [2010-07-27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2010-03-20 06:06:58 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:[b]64bit:[/b] - [2009-08-21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum) DRV:[b]64bit:[/b] - [2009-07-14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009-07-14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140911 IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140911 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.wp.pl/?src01=dp220140911" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Maciek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10 11:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-10-26 21:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\Extensions [2014-07-23 23:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\Firefox\Profiles\sfpo8za2.default\extensions [2014-07-05 00:18:06 | 000,178,984 | ---- | M] () (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\firefox\profiles\sfpo8za2.default\extensions\p24ext@przelewy24.pl.xpi [2014-07-23 23:14:13 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Maciek\AppData\Roaming\mozilla\firefox\profiles\sfpo8za2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-29 23:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014-07-29 23:03:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\athbttray.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\btvstack.exe (Atheros Communications) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3217036906-3807751147-4277946841-1000..\Run: [uTorrent] C:\Users\Maciek\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0257086E-FE9D-4E99-9A99-C37B0947DD7B}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51341E08-E294-4832-8259-3ED22EC5CCAB}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A2C3012-7AC3-43A1-8445-D09FAFCDBBE0}: DhcpNameServer = 212.2.96.51 212.2.96.52 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A371D93F-A930-4081-9559-19D03390AA40}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA128F88-88BC-401D-BC80-3541B42C75BC}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-04-12 16:36:36 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-09-11 22:37:52 | 000,000,000 | ---D | C] -- C:\UsbFix [2014-09-11 22:33:04 | 000,000,000 | ---D | C] -- C:\FRST [2014-09-11 22:24:30 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys [2014-09-11 09:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company [2014-09-11 09:34:24 | 000,000,000 | ---D | C] -- C:\DriveKey [2014-09-11 09:31:45 | 002,074,384 | ---- | C] (Hewlett-Packard ) -- C:\Users\Maciek\Desktop\SP27608.exe [2014-09-11 09:18:03 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Documents\Bluetooth Folder [2014-09-11 09:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web [2014-09-11 08:49:11 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\Opera Software [2014-09-11 08:49:10 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Opera Software [2014-09-11 08:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2014-09-11 08:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [2014-09-11 08:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo [2014-09-11 08:35:59 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Doctor Web [2014-09-11 08:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2014-09-11 07:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2014-09-11 07:43:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014-09-10 11:32:20 | 000,000,000 | ---D | C] -- C:\FIFA 14 [2014-09-10 11:31:55 | 000,000,000 | ---D | C] -- C:\Gdansk [2014-09-10 11:27:26 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2014-09-10 11:27:18 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014-09-10 11:27:02 | 000,448,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys [2014-09-10 11:10:30 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014-09-10 11:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014-09-10 11:10:13 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014-09-10 11:10:13 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014-09-10 11:10:13 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014-09-10 11:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014-09-10 11:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014-09-10 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor [2014-09-10 10:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rFactor [2014-09-09 23:14:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014-09-09 23:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS [2014-09-09 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Demo [2014-09-09 20:37:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2014-09-09 20:35:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2014-09-09 20:35:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2014-09-09 20:35:43 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2014-09-09 20:35:42 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2014-09-09 20:35:42 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2014-09-09 20:35:42 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2014-09-09 20:35:42 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2014-09-09 20:35:42 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2014-09-09 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\Origin [2014-09-09 17:21:03 | 000,000,000 | ---D | C] -- C:\Users\Maciek\AppData\Local\2K Games [2014-09-09 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2014-09-08 11:06:58 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Desktop\Asics [2014-08-27 21:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014-08-18 11:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2014-08-18 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\Maciek\Documents\My Games [2014-08-18 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2014-08-18 11:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound [2014-08-18 11:14:16 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll [2014-08-18 11:14:16 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll [2014-08-18 11:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS [2014-08-18 11:14:12 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2014-08-18 11:14:12 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2014-08-18 11:14:12 | 000,122,968 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2014-08-18 11:14:12 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2014-08-18 11:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2014-08-18 11:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2014-08-18 11:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2014-08-18 11:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2 C:\Users\Maciek\Desktop\*.tmp files -> C:\Users\Maciek\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-09-11 22:57:09 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys [2014-09-11 22:56:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-09-11 22:56:30 | 3118,084,096 | -HS- | M] () -- C:\hiberfil.sys [2014-09-11 22:55:48 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-09-11 22:55:48 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-09-11 22:53:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-09-11 22:37:54 | 000,001,448 | ---- | M] () -- C:\Users\Maciek\Desktop\UsbFix.lnk [2014-09-11 22:24:30 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014-09-11 09:34:24 | 000,000,409 | ---- | M] () -- C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk [2014-09-11 09:33:48 | 002,074,384 | ---- | M] (Hewlett-Packard ) -- C:\Users\Maciek\Desktop\SP27608.exe [2014-09-11 08:48:18 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2014-09-11 08:47:05 | 000,242,281 | ---- | M] () -- C:\Users\Maciek\Desktop\aa.jpg [2014-09-11 08:43:46 | 000,001,190 | ---- | M] () -- C:\Users\Maciek\Desktop\CrystalDiskInfo.lnk [2014-09-11 08:31:08 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2014-09-11 08:29:41 | 000,004,070 | ---- | M] () -- C:\Windows\SysNative\.crusader [2014-09-11 07:26:48 | 000,210,958 | ---- | M] () -- C:\Users\Maciek\Desktop\a.jpg [2014-09-11 07:26:10 | 000,001,853 | ---- | M] () -- C:\Users\Maciek\Desktop\World of Warcraft.lnk [2014-09-10 11:33:27 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-09-10 11:33:27 | 000,697,912 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-09-10 11:33:27 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-09-10 11:33:27 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-09-10 11:33:27 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-09-10 11:28:13 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014-09-10 11:27:38 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys [2014-09-10 11:27:19 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys [2014-09-10 11:27:19 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014-09-10 11:27:19 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014-09-10 11:27:19 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2014-09-10 11:27:19 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014-09-10 11:27:19 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014-09-10 11:27:19 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-09-10 11:27:18 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014-09-10 11:27:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014-09-10 11:27:05 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2014-09-10 11:27:02 | 000,448,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys [2014-09-10 11:10:16 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014-09-09 23:53:28 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-09-09 23:53:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-09-09 23:03:05 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\F1 Challenge 99-02.lnk [2014-09-09 22:59:47 | 000,000,548 | ---- | M] () -- C:\Windows\eReg.dat [2014-09-09 22:52:39 | 000,446,472 | ---- | M] () -- C:\Users\Maciek\Desktop\12910869bf0a061ed29d8fa99800a1f3.jpg [2014-09-09 20:37:56 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 15 Demo.lnk [2014-09-09 19:39:05 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2014-09-09 17:18:04 | 000,000,822 | ---- | M] () -- C:\Users\Maciek\Desktop\Play Mafia II.lnk [2014-08-18 11:14:12 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2014-08-18 11:14:12 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2014-08-18 11:14:12 | 000,122,968 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2014-08-18 11:14:12 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2 C:\Users\Maciek\Desktop\*.tmp files -> C:\Users\Maciek\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-09-11 22:37:54 | 000,001,448 | ---- | C] () -- C:\Users\Maciek\Desktop\UsbFix.lnk [2014-09-11 09:34:24 | 000,000,409 | ---- | C] () -- C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk [2014-09-11 08:48:45 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2014-09-11 08:48:45 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2014-09-11 08:47:02 | 000,242,281 | ---- | C] () -- C:\Users\Maciek\Desktop\aa.jpg [2014-09-11 08:43:46 | 000,001,190 | ---- | C] () -- C:\Users\Maciek\Desktop\CrystalDiskInfo.lnk [2014-09-11 08:29:41 | 000,004,070 | ---- | C] () -- C:\Windows\SysNative\.crusader [2014-09-11 07:48:14 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2014-09-11 07:26:48 | 000,210,958 | ---- | C] () -- C:\Users\Maciek\Desktop\a.jpg [2014-09-10 11:28:13 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014-09-10 11:10:16 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014-09-09 23:03:05 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\F1 Challenge 99-02.lnk [2014-09-09 22:59:47 | 000,000,548 | ---- | C] () -- C:\Windows\eReg.dat [2014-09-09 22:52:38 | 000,446,472 | ---- | C] () -- C:\Users\Maciek\Desktop\12910869bf0a061ed29d8fa99800a1f3.jpg [2014-09-09 20:37:56 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 15 Demo.lnk [2014-09-09 19:39:05 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2014-09-09 17:18:04 | 000,000,822 | ---- | C] () -- C:\Users\Maciek\Desktop\Play Mafia II.lnk [2014-07-23 23:37:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2014-07-23 23:37:14 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014-05-24 10:33:55 | 000,000,007 | ---- | C] () -- C:\Users\Maciek\AppData\Local\2736282159__4_32_16.dll [2014-05-24 00:42:39 | 000,000,003 | ---- | C] () -- C:\Users\Maciek\AppData\Local\2739282159__4_32_16.dll [2014-05-23 23:48:18 | 000,000,007 | ---- | C] () -- C:\Users\Maciek\AppData\Local\2636080169__4_32_16.dll [2014-04-10 22:28:00 | 000,707,504 | ---- | C] () -- C:\Users\Maciek\AppData\Local\unins000.exe [2014-04-10 22:28:00 | 000,011,761 | ---- | C] () -- C:\Users\Maciek\AppData\Local\unins000.msg [2014-04-10 22:28:00 | 000,003,178 | ---- | C] () -- C:\Users\Maciek\AppData\Local\unins000.dat [2013-11-09 17:55:53 | 000,000,000 | ---- | C] () -- C:\Users\Maciek\pwx2tcx.ini [2013-10-26 21:50:08 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013-10-26 21:49:38 | 000,001,677 | ---- | C] () -- C:\Windows\vm331Rmv.ini [2013-10-26 21:49:38 | 000,001,677 | ---- | C] () -- C:\Windows\SysWow64\vm331Rmv.ini [2013-10-26 21:41:25 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2013-10-26 21:41:25 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2013-10-26 21:41:25 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-10-27 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\AVAST Software [2014-03-31 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\DAEMON Tools Lite [2013-11-13 08:33:23 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Draco Organizer [2014-04-10 23:24:07 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\e-Deklaracje [2014-04-10 23:24:08 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2014-07-16 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\EurekaLog [2013-11-08 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\GameRanger [2013-12-30 16:19:28 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\GHISLER [2014-06-01 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\ImgBurn [2013-10-26 23:41:06 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\NapiProjekt [2014-06-05 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Nokia [2014-09-11 08:49:10 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Opera Software [2014-07-05 00:18:24 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Origin [2014-02-24 11:57:04 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\PC Suite [2013-10-30 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Sports Interactive [2014-04-10 22:25:42 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\Unity [2014-09-11 23:07:50 | 000,000,000 | ---D | M] -- C:\Users\Maciek\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

**Posty:** 4765 · przez **ordynat** 12 Wrz 2014, 08:45

Brak raportu z Adw-Cleaner.

Pomogło to trochę, czy nic?
.

**Posty:** 626 · przez **Tiempo** 12 Wrz 2014, 10:48

Na chwilę obecną odnoszę wrażenie, że wszystko się uspokoiło. Nawet bałagan z pulpitu zniknął:)

Na brak loga, odpisywałem gdy było już późno, musiało mi umknąć:

Kod: Zaznacz wszystko: # AdwCleaner v3.309 - Log utworzony 11/09/2014 o 22:47:42 # Aktualizacja 02/09/2014 przez Xplode # System operacyjny : Windows 7 Home Basic (64 bits) # Użytkownik : Maciek - MACIEJ # Ścieżka : D:\AdwCleaner(1).exe # Opcja : Usuń ***** [ Usługi ] ***** ***** [ Pliki / Foldery ] ***** [!] Folder Usunięto : C:\ProgramData\Browser Manager ***** [ Zadania ] ***** ***** [ Skróty ] ***** ***** [ Rejestr ] ***** Wartość Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_winqsb(1)_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_winqsb(1)_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_winqsb_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_winqsb_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hp-usb-disk-storage-format-tool_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hp-usb-disk-storage-format-tool_RASMANCS Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1DAC034-9FD9-4C13-A388-D2E10E57707F} Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\torch Klucz Usunięto : HKLM\SOFTWARE\torch Dane Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\mgrldr.dll Dane Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v8.0.7600.16385 -\\ Mozilla Firefox v31.0 (x86 pl) [ Plik : C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\sfpo8za2.default\prefs.js ] Wpis usunięty : user_pref("browser.search.order.1", "Ask.com"); ************************* AdwCleaner[R0].txt - [7007 octets] - [11/09/2014 07:43:56] AdwCleaner[R1].txt - [5777 octets] - [11/09/2014 22:43:27] AdwCleaner[S0].txt - [3902 octets] - [11/09/2014 22:47:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3962 octets] ##########

**Posty:** 4765 · przez **ordynat** 12 Wrz 2014, 10:56

Skoro się uspokoiło, to kończymy:
W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
.