Reklamy i powolna praca systemu, duże obciążenie procesora

**Posty:** 555 · przez **MarcepanowyPiesek** 01 Gru 2015, 03:35

Witam!
Mam ogromny problem z moim laptopem, w każdej przeglądarce masa reklam, wyskakujących samoistnie + bardzo powolna praca całego systemu. W załączniku logi z OTL, tutaj log z Gmera. Logi tworzyły się około 5-6 godzin. Odrazu nadmienię, że nie jestem w stanie uruchomić laptopa w trybie awaryjnym. Liczę na pomoc.

Kod: Zaznacz wszystko: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-01 00:24:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a SAMSUNG_ rev.2AR1 465,76GB Running: gmer.exe; Driver: C:\Users\Novi\AppData\Local\Temp\kwldqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\System32\svchost.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\System32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 0000000100060280 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\Dwm.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\Explorer.EXE[2332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7571b21b C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7571b346 C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 75798fd1 C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 756f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 757988c4 C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 75798aa0 C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 757987ba C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 75798b8a C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7570fca8 C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 757168ef C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 75799089 C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 75798bea C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 7579877e C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7570fd41 C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7571b2dc C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 75798f4c C:\Windows\syswow64\kernel32.dll .text c:\postgreSQL\bin\postgres.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 75798713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1904] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000756f8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\System32\svchost.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007768da60 5 bytes JMP 00000000777f0460 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007768dab0 5 bytes JMP 00000000777f0450 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007768dc10 5 bytes JMP 00000000777f0370 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007768dc60 5 bytes JMP 00000000777f0470 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007768dc70 5 bytes JMP 00000000777f03e0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007768dd20 5 bytes JMP 00000000777f0320 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007768dd50 5 bytes JMP 00000000777f03b0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007768dd70 5 bytes JMP 00000000777f0390 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007768ddb0 5 bytes JMP 00000000777f02e0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007768de30 5 bytes JMP 00000000777f02d0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007768de50 5 bytes JMP 00000000777f0310 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007768de90 5 bytes JMP 00000000777f03c0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007768dee0 5 bytes JMP 00000000777f03f0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007768e040 5 bytes JMP 00000000777f0230 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007768e200 5 bytes JMP 00000000777f0480 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007768e230 5 bytes JMP 00000000777f03a0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007768e310 5 bytes JMP 00000000777f02f0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007768e320 5 bytes JMP 00000000777f0350 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007768e380 5 bytes JMP 00000000777f0290 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007768e410 5 bytes JMP 00000000777f02b0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007768e430 5 bytes JMP 00000000777f03d0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007768e440 5 bytes JMP 00000000777f0330 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007768e4b0 5 bytes JMP 00000000777f0410 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007768e4e0 5 bytes JMP 00000000777f0240 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007768e7a0 5 bytes JMP 00000000777f01e0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007768e860 5 bytes JMP 00000000777f0250 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007768e890 5 bytes JMP 00000000777f0490 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007768e8a0 5 bytes JMP 00000000777f04a0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007768e8d0 5 bytes JMP 00000000777f0300 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007768e8e0 5 bytes JMP 00000000777f0360 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007768e940 5 bytes JMP 00000000777f02a0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007768e990 5 bytes JMP 00000000777f02c0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007768e9c0 5 bytes JMP 00000000777f0380 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007768e9d0 5 bytes JMP 00000000777f0340 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007768ecc0 5 bytes JMP 00000000777f0440 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007768eec0 5 bytes JMP 00000000777f0260 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007768eed0 5 bytes JMP 00000000777f0270 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007768eee0 5 bytes JMP 00000000777f0400 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007768f0a0 5 bytes JMP 00000000777f01f0 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007768f0b0 5 bytes JMP 00000000777f0210 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007768f120 5 bytes JMP 00000000777f0200 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007768f180 5 bytes JMP 00000000777f0420 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007768f190 5 bytes JMP 00000000777f0430 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007768f1a0 5 bytes JMP 00000000777f0220 .text C:\Windows\system32\AUDIODG.EXE[228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007768f280 5 bytes JMP 00000000777f0280 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7571b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7571b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 75798fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 756f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 757988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 75798aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 757987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 75798b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7570fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 757168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 75799089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 75798bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 7579877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7570fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7571b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 75798f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 75798713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000742711a8 2 bytes [27, 74] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007427127d 2 bytes CALL 756f14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000074271310 2 bytes CALL 756f14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000742713a8 2 bytes [27, 74] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074271422 2 bytes [27, 74] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1948] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074271498 2 bytes [27, 74] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\spoolsv.exe [1504:1704] 000007fef98a10c8 Thread C:\Windows\System32\spoolsv.exe [1504:1712] 000007fef9866144 Thread C:\Windows\System32\spoolsv.exe [1504:1716] 000007fef9655fd0 Thread C:\Windows\System32\spoolsv.exe [1504:1720] 000007fef9643438 Thread C:\Windows\System32\spoolsv.exe [1504:1724] 000007fef96563ec Thread C:\Windows\System32\spoolsv.exe [1504:1732] 000007fef9995e5c Thread C:\Windows\System32\spoolsv.exe [1504:1736] 000007fef99c5074 Thread C:\Windows\System32\spoolsv.exe [1504:1648] 000007fef9a32288 Thread C:\Windows\system32\taskhost.exe [2216:2252] 000007fef89b2740 Thread C:\Windows\system32\taskhost.exe [2216:2676] 000007fef89a1f38 Thread C:\Windows\system32\taskhost.exe [2216:2688] 000007fefaee1010 Thread C:\Windows\system32\taskhost.exe [2216:2972] 000007feff83c608 Thread C:\Windows\system32\taskhost.exe [2216:6016] 000007fef63d5170 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3024:2896] 000000007079785a Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3024:2968] 000000007043ff83 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3024:3552] 000000007043ff83 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3024:3556] 0000000070436447 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3024:3932] 000000007074247a Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3024:4048] 000000007043ff83 Thread C:\Windows\system32\svchost.exe [5104:2696] 000007fef45bf130 Thread C:\Windows\system32\svchost.exe [5104:5444] 000007fef45b4734 Thread C:\Windows\system32\svchost.exe [5104:6320] 000007fef45b4734 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3528:132] 000007fefbbb2ae8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bacb1de Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bacb1de@a00798992e34 0x8B 0x67 0x8D 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bacb1de@0cc66a682bbc 0x66 0xB2 0x77 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bacb1de (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bacb1de@a00798992e34 0x8B 0x67 0x8D 0x4F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bacb1de@0cc66a682bbc 0x66 0xB2 0x77 0xF6 ... ---- Files - GMER 2.1 ---- File C:\Users\Novi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRVQGE1W\cm[1] 0 bytes ---- EOF - GMER 2.1 ----

**Posty:** 4765 · przez **ordynat** 01 Gru 2015, 08:32

1) Odinstaluj program "WordFly_1.10.0.28"

2) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego

3) Zrób logi z FRST > http://forum.programosy.pl/frst-otl-zoek-vt139692.html
Przed skanem zaznacz "Addition.txt" oraz "Shortcut.txt"
.

**Posty:** 555 · przez **MarcepanowyPiesek** 01 Gru 2015, 12:59

Wszystkie zalecenia wykonane. Poniżej logi.

**Posty:** 4765 · przez **ordynat** 01 Gru 2015, 13:02

Jest fatalnie!

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1523797889-172687695-3278824753-1001\$23034714ed7c0f4a10b9ead4b03f400f

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$23034714ed7c0f4a10b9ead4b03f400f

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllUWAGA! ====> ZeroAccess?

Winsock: Catalog5 01 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"

1) Otwórz Notatnik i wklej w nim:

AlternateDataStreams: C:\Windows:s8vj4g0sk4d1
AlternateDataStreams: C:\Users\Novi\Dane aplikacji:lv93ja32540f
AlternateDataStreams: C:\Users\Novi\AppData\Roaming:lv93ja32540f
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Little Fighter 2.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Website.lnk
C:\Users\Novi\Downloads\Minecraft\.minecraft\INVedit.lnk
C:\Users\Novi\Desktop\STUDIA\radiologia\FIFA 14 Demo.lnk
C:\Users\Novi\Desktop\MUZYKA + koncerty\mp3\ajpodkuby\Metin2.lnk
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\Users\postgres\Desktop\Little Fighter 2.lnk
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllUWAGA! ====> ZeroAccess?
HKU\S-1-5-21-1523797889-172687695-3278824753-1001\...409d6c4515e9\InprocServer32: [Default-shell32] <==== UWAGA
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
GroupPolicyUsers\S-1-5-21-1523797889-172687695-3278824753-1002\User: Ograniczenia <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
Winsock: Catalog5 01 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
HKU\S-1-5-21-1523797889-172687695-3278824753-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
FF NewTab: about:newtab
FF Extension: Brak nazwy - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [Brak podpisu cyfrowego]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
C:\Users\Novi\Desktop\Adobe-Flash-Player-13091-dp.exe
C:\ProgramData\bltofzsb.qlf
C:\ProgramData\flwjycbm.bab
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

2) Użyj >>RogueKiller (aby pobrać kliknij na obrazek x64 po Lien de téléchargement :)
Kliknij w nim SCAN, a po wyszukaniu szkodliwych rzeczy kliknij DELETE. Pokaż oba raporty z niego.

3) Zrób log z Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (do skanowania zaznacz wszystko).

4) Zrób logi z FRST - już bez Shortcut.
.

**Posty:** 555 · przez **MarcepanowyPiesek** 01 Gru 2015, 15:59

Użyłem RogueKillera, niestety po restarcie komputera nie wygenerowały mi się żadne logi (chyba, że sa w którymś folderze systemowym ale osobiście nie potrafię ich znaleść).

ordynat napisał(a):Jest fatalnie!

Potrafisz człowieka pocieszyć, też mi się nie podobają te pogrubione ciągi losowych znaków

EDIT:

Problem z wyskakującymi reklamami trwa nadal, wykonuje kolejny skan RogueKillerem i postaram się zrobić z tego raport przed restartem.

**Posty:** 4765 · przez **ordynat** 01 Gru 2015, 16:35

Potrafisz człowieka pocieszyć,

teraz mam lepsze wieści:
ZeroAcces nie zniszczył żadnych usług Systemowych, WINSOCK został naprawiony, nie masz żadnego reklamiarza.
Natomiast z gorszych wieści: ZeroAcces jest dalej.

Otwórz Notatnik i wklej w nim:

OPR Extension: (Brak nazwy) - C:\Users\Novi\AppData\Roaming\Opera Software\Opera Stable\Extensions\ffngmpmaobjpodfmlmoancnbjbgbhlcf
C:\$Recycle.Bin\S-1-5-18\$23034714ed7c0f4a10b9ead4b03f400f
C:\$Recycle.Bin\S-1-5-21-1523797889-172687695-3278824753-1001\$23034714ed7c0f4a10b9ead4b03f400f
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

Przeinstaluj przeglądarkę, na której widzisz reklamy.

Zrób nowy log FRST - już bez Addition.

.

**Posty:** 555 · przez **MarcepanowyPiesek** 01 Gru 2015, 17:01

Logi w załączniku (coraz szybciej się generują więc jest progress)

**Posty:** 4765 · przez **ordynat** 01 Gru 2015, 17:36

W nowych logach nie ma już niczego podejrzanego (jest wpis z Opery, ale Opery nie ma liście Twoich programów, więc to się nie liczy).

Chyba możemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

FSS - usuń ręcznie.

Rogue Killer - usuń ręcznie.
.

Autor postu otrzymał pochwałę

**Posty:** 555 · przez **MarcepanowyPiesek** 01 Gru 2015, 18:28

Dzięi wielkie za pomoc. Proszę o przeczytanie treści pochwały

**Posty:** 4765 · przez **ordynat** 01 Gru 2015, 18:37

Przeczytałem, dzięki.
.

Kto jest na forum