Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94


Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3900: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3902: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3903: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3904: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
Pop-up ads, pages opening on their own • programosy.pl

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by 4_life, 07 Nov 2013, 20:31
Hello, I'm having problems with my computer. Ads pop up every few minutes. I have already removed a multitude of programs (mainly toolbars), but the problem persists. Besides that, every few minutes the default web browser launches on its own (also showing various ads).
I am attaching a log from Gmer and two logs from OTL.

Code:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-07 19:16:38
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000035 Hitachi_HTS547550A9E384 rev.JE3OA50B 465,76GB
Running: cx4469uc.exe; Driver: C:\Users\Dom\AppData\Local\Temp\pwdcqpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                    fffff801a5c5f41c 1 byte [31]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                                                   fffff960001c2c00 7 bytes [40, A3, 82, 01, 00, 52, F2]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                               fffff960001c2c08 7 bytes [01, 04, C2, FF, 00, A4, DC]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                           000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                    000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                    000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                         000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                               000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                    000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                             000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                      000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                    000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                  000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                              000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                   000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                   000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                        000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                       000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                             000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                   000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                 000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                    000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                             000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                     000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                       000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                  000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                               000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                     000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                  000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                     000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                      000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                               000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                              000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                 000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                               000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                           000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                            000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                 000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                 000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                  000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                             000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                     000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                          000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                         000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                  000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                       000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                  000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                           000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                              000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                    000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                  000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                            000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                 000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                              000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                 000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                      000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                     000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                              000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                           000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                 000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                              000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                               000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                  000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                           000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                              000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                   000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                              000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                              000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                     000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                             000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                   000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                   000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                    000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                             000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                            000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                               000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                             000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                         000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                          000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                               000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                               000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                           000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                   000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                           000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                    000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                    000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                         000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                               000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                    000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                             000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                      000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                    000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                  000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                              000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                   000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                   000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                        000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                       000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                             000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                   000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                 000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                    000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                             000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                     000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                       000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                  000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                               000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                     000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                  000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                     000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                      000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                               000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                              000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                 000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                               000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                           000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                            000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                 000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                 000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                  000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                             000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                     000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                          000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\winlogon.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\services.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                           000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                    000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                    000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                         000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                               000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                    000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                             000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                      000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                    000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                  000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                              000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                   000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                   000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                        000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                       000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                             000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                   000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                 000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                    000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                             000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                     000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                       000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                  000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                               000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                     000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                  000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                     000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                      000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                               000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                              000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                 000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                               000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                           000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                            000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                 000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                 000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                  000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                             000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\lsass.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                     000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                         000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                  000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                       000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                  000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                           000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                              000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                    000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                  000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                         000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                          000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                               000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                               000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                           000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                   000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                         000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                  000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                       000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                  000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                           000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                              000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                    000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                  000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                            000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                 000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                              000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                 000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                      000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                     000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                              000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                           000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                 000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                              000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                               000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                  000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                           000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                              000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                   000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                              000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                              000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                     000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                             000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                   000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                   000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                    000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                             000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                            000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                               000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                             000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                         000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                          000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                               000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                               000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                           000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                   000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                        000007fba77bf7eb 1 byte [62]
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                         000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                  000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                       000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                  000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                           000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                              000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                    000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                  000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                            000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                 000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                              000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                 000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                      000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                     000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                              000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                           000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                 000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                              000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                               000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                  000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                           000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                              000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                   000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                              000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                              000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                     000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                             000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                   000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                   000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                    000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                             000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                            000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                               000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                             000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                         000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                          000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                               000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                               000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                           000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                   000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\System32\svchost.exe[388] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                        000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                         000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                  000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                       000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                  000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                           000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                              000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                    000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                  000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                            000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                 000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                              000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                 000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                      000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                     000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                              000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                           000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                 000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                              000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                               000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                  000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                           000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                              000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                   000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                              000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                              000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                     000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                             000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                   000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                   000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                    000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                             000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                            000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                               000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                             000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                         000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                          000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                               000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                               000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                           000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                   000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\svchost.exe[476] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                        000007fba77bf7eb 1 byte [62]
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                         000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                         000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                              000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                    000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                         000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                     000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                           000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                         000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                       000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                   000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                        000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                     000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                        000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                             000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                            000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                     000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                  000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                        000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                     000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                         000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                  000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                     000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                          000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                     000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                     000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                            000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                       000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                    000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                          000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                       000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                          000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                           000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                    000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                   000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                      000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                 000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                      000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                      000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                       000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                  000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                          000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\Explorer.EXE[1316] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                               000007fba77bf7eb 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\System32\spoolsv.exe[1500] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                       000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\svchost.exe[1528] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                       000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                     000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                              000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                              000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                   000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                         000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                              000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                          000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                              000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                            000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                        000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                             000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                          000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                             000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                  000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                 000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                          000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                       000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                             000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                          000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                              000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                       000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                          000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                               000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                          000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                          000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                 000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                            000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                         000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                               000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                            000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                               000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                         000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                        000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                           000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                     000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                      000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                           000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                           000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                            000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                       000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\taskhostex.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                               000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fc28bd03e0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fc28bd0400
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\dashost.exe[1988] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                       000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx                          000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                            000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\user32.dll!UnhookWinEvent                               000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook                              000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\system32\svchost.exe[1580] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                            000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                          000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\system32\USER32.dll!SetWindowsHookExW                            000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\system32\USER32.dll!UnhookWinEvent                               000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\system32\USER32.dll!SetWinEventHook                              000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\system32\svchost.exe[1388] C:\Windows\system32\USER32.dll!SetWindowsHookExA                            000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort      000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject               000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory     000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory         000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess               000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx    000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess          000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection               000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory        000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject           000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                 000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent               000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection             000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2         000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread              000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory      000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread           000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry              000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort   000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject  000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair           000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion        000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant              000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore           000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx            000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer               000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess        000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry           000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry           000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey           000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys  000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair             000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion          000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore             000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                 000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx          000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder         000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions            000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread          000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation      000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState       000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem            000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess            000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread             000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl        000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                  000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!DeleteService             000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W     000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW            000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW      000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA            000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A     000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA      000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity  000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx        000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\system32\USER32.dll!SetWindowsHookExW          000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\system32\USER32.dll!UnhookWinEvent             000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\system32\USER32.dll!SetWinEventHook            000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Program Files (x86)\Whilokii\updateWhilokii.exe[728] C:\Windows\system32\USER32.dll!SetWindowsHookExA          000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                       000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                      000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                          000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                     000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                           000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                         000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                            000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                  000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                              000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                          000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                               000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                       000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                            000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                               000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                    000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                   000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                            000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                         000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                               000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                            000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                             000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                         000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                            000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                 000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                            000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                            000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                   000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                              000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                           000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                 000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                              000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                 000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                  000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                           000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                          000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                             000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                           000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                       000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                        000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                             000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                             000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                              000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                         000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                 000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                 000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                   000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                         000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\system32\USER32.dll!SetWindowsHookExW                           000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\system32\USER32.dll!UnhookWinEvent                              000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\system32\USER32.dll!SetWinEventHook                             000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\system32\USER32.dll!SetWindowsHookExA                           000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!DeleteService                              000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                      000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                             000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                       000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                             000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                      000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                       000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\System32\igfxtray.exe[3052] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                   000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                          000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                   000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                         000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                             000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                   000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                        000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                              000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                   000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                            000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                               000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                     000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                   000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                 000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                             000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                  000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                          000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                               000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                  000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                       000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                      000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                               000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                            000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                  000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                               000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                   000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                            000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                               000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                    000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                               000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                               000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                      000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                 000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                              000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                    000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                 000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                    000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                     000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                              000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                             000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                              000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                          000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                           000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                 000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                            000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                    000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                    000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                      000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                            000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\system32\USER32.dll!SetWindowsHookExW                              000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\system32\USER32.dll!UnhookWinEvent                                 000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\system32\USER32.dll!SetWinEventHook                                000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\system32\USER32.dll!SetWindowsHookExA                              000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                 000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                         000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                          000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                         000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                          000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\System32\hkcmd.exe[3068] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                      000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                       000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                      000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                          000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                     000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                           000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                         000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                            000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                  000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                              000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                          000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                               000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                       000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                            000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                               000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                    000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                   000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                            000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                         000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                               000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                            000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                             000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                         000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                            000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                 000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                            000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                            000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                   000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                              000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                           000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                 000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                              000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                 000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                  000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                           000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                          000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                             000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                           000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                       000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                        000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                             000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                             000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                              000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                         000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                 000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                 000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                   000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                         000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\system32\USER32.dll!SetWindowsHookExW                           000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\system32\USER32.dll!UnhookWinEvent                              000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\system32\USER32.dll!SetWinEventHook                             000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\system32\USER32.dll!SetWindowsHookExA                           000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!DeleteService                              000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                      000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                             000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                       000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                             000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                      000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                       000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                   000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306               000007fba868177a 4 bytes [68, A8, FB, 07]
.text   C:\Windows\System32\igfxpers.exe[2428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314               000007fba8681782 4 bytes [68, A8, FB, 07]
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                  000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                           000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                 000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                     000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                           000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                      000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                           000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                    000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                       000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                             000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                           000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                         000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                     000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                          000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                  000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                       000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                          000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort               000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject              000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                       000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                    000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                          000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                       000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                        000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                           000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                    000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                       000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                            000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                       000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                       000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys              000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                         000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                      000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                            000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                         000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                            000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                             000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                      000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                     000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                        000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                  000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                   000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                        000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                        000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                         000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                    000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                            000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                            000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                              000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                    000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\system32\USER32.dll!SetWindowsHookExW                      000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\system32\USER32.dll!UnhookWinEvent                         000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\system32\USER32.dll!SetWinEventHook                        000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\system32\USER32.dll!SetWindowsHookExA                      000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!DeleteService                         000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                 000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                        000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                  000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                        000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                 000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                  000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\system32\SearchIndexer.exe[1484] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity              000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                       000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                          000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\system32\USER32.dll!SetWindowsHookExW                            000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\system32\USER32.dll!UnhookWinEvent                               000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\system32\USER32.dll!SetWinEventHook                              000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\system32\taskeng.exe[3632] C:\Windows\system32\USER32.dll!SetWindowsHookExA                            000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                       000007fba77bf7eb 1 byte [62]
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                          000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\system32\USER32.dll!SetWindowsHookExW                            000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\system32\USER32.dll!UnhookWinEvent                               000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\system32\USER32.dll!SetWinEventHook                              000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\System32\svchost.exe[4012] C:\Windows\system32\USER32.dll!SetWindowsHookExA                            000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                  000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                           000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                 000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                     000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                           000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                      000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                           000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                    000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                       000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                             000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                           000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                         000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                     000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                          000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                  000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                       000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                          000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort               000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject              000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                       000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                    000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                          000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                       000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                        000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                           000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                    000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                       000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                            000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                       000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                       000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys              000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                         000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                      000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                            000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                         000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                            000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                             000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                      000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                     000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                        000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                  000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                   000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                        000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                        000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                         000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                    000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                            000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                            000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                              000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                 000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!DeleteService                         000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                 000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                        000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                  000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                        000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                 000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                  000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity              000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx                    000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                      000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\user32.dll!UnhookWinEvent                         000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook                        000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\system32\wbem\wmiprvse.exe[4468] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                      000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000007fba8a02c90 5 bytes JMP 000007fc28bd0460
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000007fba8a02ce0 5 bytes JMP 000007fc28bd0450
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       000007fba8a02d60 5 bytes JMP 000007fba8bc0b14
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           000007fba8a02dc0 5 bytes JMP 000007fba8bc0ecc
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000007fba8a02e40 5 bytes JMP 000007fc28bd0370
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000007fba8a02e90 5 bytes JMP 000007fc28bd0470
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fba8bc163c
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000007fba8a02f50 5 bytes JMP 000007fc28bd0320
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000007fba8a02f80 5 bytes JMP 000007fc28bd03b0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000007fba8a02fa0 5 bytes JMP 000007fc28bd0390
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000007fba8a02fe0 5 bytes JMP 000007fc28bd02e0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000007fba8a03060 5 bytes JMP 000007fc28bd02d0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000007fba8a03080 1 byte JMP 000007fc28bd0310
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                           000007fba8a03082 3 bytes {JMP 0xffffffff801cd290}
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000007fba8a030c0 5 bytes JMP 000007fc28bd03c0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        000007fba8a030e0 5 bytes JMP 000007fba8bc1284
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000007fba8a03110 5 bytes JMP 000007fc28bd03f0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000007fba8a03281 5 bytes JMP 000007fc28bd0230
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000007fba8a03471 5 bytes JMP 000007fc28bd0480
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000007fba8a034a1 5 bytes JMP 000007fc28bd03a0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000007fba8a035b1 5 bytes JMP 000007fc28bd02f0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000007fba8a035d1 5 bytes JMP 000007fc28bd0350
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000007fba8a03641 5 bytes JMP 000007fc28bd0290
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000007fba8a036d1 5 bytes JMP 000007fc28bd02b0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000007fba8a036f1 5 bytes JMP 000007fc28bd03d0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000007fba8a03701 5 bytes JMP 000007fc28bd0330
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000007fba8a037a1 5 bytes JMP 000007fc28bd0410
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000007fba8a037d1 5 bytes JMP 000007fc28bd0240
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000007fba8a03ae1 5 bytes JMP 000007fc28bd01e0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000007fba8a03ba1 5 bytes JMP 000007fc28bd0250
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000007fba8a03bd1 5 bytes JMP 000007fc28bd0490
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000007fba8a03be1 5 bytes JMP 000007fc28bd04a0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000007fba8a03c11 5 bytes JMP 000007fc28bd0300
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000007fba8a03c21 5 bytes JMP 000007fc28bd0360
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000007fba8a03c81 5 bytes JMP 000007fc28bd02a0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000007fba8a03cd1 5 bytes JMP 000007fc28bd02c0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000007fba8a03d01 5 bytes JMP 000007fc28bd0380
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000007fba8a03d11 5 bytes JMP 000007fc28bd0340
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000007fba8a04021 5 bytes JMP 000007fc28bd0440
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000007fba8a04221 5 bytes JMP 000007fc28bd0260
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000007fba8a04231 5 bytes JMP 000007fc28bd0270
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fba8bc19f4
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000007fba8a04431 5 bytes JMP 000007fc28bd01f0
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000007fba8a04441 5 bytes JMP 000007fc28bd0210
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000007fba8a044b1 5 bytes JMP 000007fc28bd0200
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000007fba8a04521 5 bytes JMP 000007fc28bd0420
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000007fba8a04531 5 bytes JMP 000007fc28bd0430
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000007fba8a04541 5 bytes JMP 000007fc28bd0220
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000007fba8a04651 5 bytes JMP 000007fc28bd0280
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  000007fba8a14a10 5 bytes JMP 000007fba8bc075c
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    000007fba8a331c4 5 bytes JMP 000007fba8bc03a4
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fba89db6d4 5 bytes JMP 000007fc28a01dac
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx                          000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                            000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\user32.dll!UnhookWinEvent                               000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook                              000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\system32\DllHost.exe[4588] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                            000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       000007fba8a02d60 5 bytes JMP 000007fc28bd0b14
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           000007fba8a02dc0 5 bytes JMP 000007fc28bd0ecc
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000007fba8a02ea0 5 bytes JMP 000007fc28bd163c
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        000007fba8a030e0 5 bytes JMP 000007fc28bd1284
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000007fba8a04251 5 bytes JMP 000007fc28bd19f4
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  000007fba8a14a10 5 bytes JMP 000007fc28bd075c
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    000007fba8a331c4 5 bytes JMP 000007fc28bd03a4
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                       000007fba77bf7eb 1 byte [62]
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                          000007fba8262120 5 bytes JMP 000007fc283b1284
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\system32\USER32.dll!SetWindowsHookExW                            000007fba826bee0 5 bytes JMP 000007fc283b0ecc
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\system32\USER32.dll!UnhookWinEvent                               000007fba826e030 5 bytes JMP 000007fc283b075c
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\system32\USER32.dll!SetWinEventHook                              000007fba8272f70 5 bytes JMP 000007fc283b03a4
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\system32\USER32.dll!SetWindowsHookExA                            000007fba8291850 5 bytes JMP 000007fc283b0b14
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fba89b7510 5 bytes JMP 000007fc28a00b14
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fba89b7550 5 bytes JMP 000007fc28a019f4
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fba89b75d0 5 bytes JMP 000007fc28a0075c
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fba89b7b20 5 bytes JMP 000007fc28a01284
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fba89db034 5 bytes JMP 000007fc28a003a4
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fba89db2e4 5 bytes JMP 000007fc28a0163c
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fba89db470 5 bytes JMP 000007fc28a00ecc
.text   C:\Windows\system32\Taskmgr.exe[5020] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fba89db6d4 5 bytes JMP 000007fc28a01dac

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[USER32.dll!LoadImageW]                                    [6c0014e0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[USER32.dll!SetWindowRgn]                                  [6c00b6e0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[USER32.dll!TrackPopupMenuEx]                              [6c00b610] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[USER32.dll!PeekMessageW]                                  [6c009cc0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[UxTheme.dll!DrawThemeTextEx]                              [6c0018a0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[UxTheme.dll!GetThemeBool]                                 [6c001600] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[UxTheme.dll!GetThemeColor]                                [6c0017e0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[UxTheme.dll!OpenThemeData]                                [6c001480] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[UxTheme.dll!GetThemeRect]                                 [6c001690] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\Explorer.EXE[dwmapi.dll!DwmEnableBlurBehindWindow]                     [6c00b820] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!ShowWindow]                             [6c0084c0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!PostMessageW]                           [6c008530] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!SetCursorPos]                           [6c0089f0] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
IAT     C:\Windows\Explorer.EXE[1316] @ C:\Windows\SYSTEM32\twinui.dll[USER32.dll!TrackPopupMenu]                         [6c008880] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [540:564]                                                                           fffff9600081c5e8
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [3660:3440]                                                000007fb98a9ba90
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [3660:1404]                                                000007fb98a9ba90
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [3660:3292]                                                000007fb98a9ba90

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@rpcrt4                                            rpcrt4.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@DllDirectory                                      %SystemRoot%\system32
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@combase                                           combase.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@gdiplus                                           gdiplus.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@IMAGEHLP                                          IMAGEHLP.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@MSVCRT                                            MSVCRT.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@SHLWAPI                                           SHLWAPI.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@COMDLG32                                          COMDLG32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@NORMALIZ                                          NORMALIZ.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@PSAPI                                             PSAPI.DLL
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@WLDAP32                                           WLDAP32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@ole32                                             ole32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@DllDirectory32                                    %SystemRoot%\syswow64
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@IMM32                                             IMM32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@_Wow64cpu                                         Wow64cpu.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@URLMON                                            URLMON.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@MSCTF                                             MSCTF.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@_Wow64win                                         Wow64win.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@OLEAUT32                                          OLEAUT32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@LPK                                               LPK.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@clbcatq                                           clbcatq.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@WS2_32                                            WS2_32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@SHELL32                                           SHELL32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@gdi32                                             gdi32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@_Wow64                                            Wow64.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@DifxApi                                           difxapi.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@Setupapi                                          Setupapi.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@kernel32                                          kernel32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@advapi32                                          advapi32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@user32                                            user32.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@IERTUTIL                                          IERTUTIL.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@WININET                                           WININET.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@NSI                                               NSI.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@sechost                                           sechost.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type                                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start                                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName                                                       aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group                                                             FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService                                                   FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description                                                       avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag                                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance                                         aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                              388400
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                 0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type                                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start                                                            2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl                                                     1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath                                                        \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName                                                      aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group                                                            FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService                                                  FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description                                                      avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance                                        aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                            320700
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags                               0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath                                                           \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName                                                         aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group                                                               PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService                                                     tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description                                                         avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault                                       nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start                                                              0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName                                                        aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description                                                        avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter                                             71
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter                                             320812
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot                                              \Device\HarddiskVolume2\Windows
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type                                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName                                                         aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group                                                               FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService                                                     FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description                                                         avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag                                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance                                           aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude                                  137600
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags                                     0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder                                            \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder                                               \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type                                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName                                                          aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description                                                          avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder                                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder                                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder                                        \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder                                              \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName                                                         avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group                                                               PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService                                                     tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description                                                         avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag                                                                 9
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start                                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName                                                         aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description                                                         avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type                                                      32
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start                                                     2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath                                                 "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName                                               avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group                                                     ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService                                           aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64                                                     1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName                                                LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType                                            1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description                                               Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?.
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\84a6c87209b5                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\84a6c87209b5@907f6109b78d                          0x9B 0xD7 0x00 0x36 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                  315

---- Files - GMER 2.1 ----

File    C:\Windows\Temp\fwtsqmfile00.sqm                                                                                  0 bytes
File    C:\Windows\Temp\fwtsqmfile01.sqm                                                                                  0 bytes

---- EOF - GMER 2.1 ----



OTL logfile created on: 2013-11-07 19:18:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dom\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,88 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 64,81% Memory free
4,13 Gb Paging File | 2,74 Gb Available in Paging File | 66,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 243,80 Gb Total Space | 211,90 Gb Free Space | 86,92% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-11-07 18:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Downloads\OTL.exe
PRC - [2013-10-09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-10-02 10:48:52 | 003,998,704 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_pl_20\tuto4pc_pl_20.exe
PRC - [2013-09-05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-08-30 08:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-08-30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-08-26 15:48:54 | 003,154,416 | ---- | M] () -- C:\Users\Dom\AppData\Local\tuto4pc_pl_17\upt4pc_pl_17.exe
PRC - [2013-08-26 15:48:48 | 003,965,936 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_pl_17\tuto4pc_pl_17.exe
PRC - [2010-01-25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-10-09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013-10-09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013-10-09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013-10-09 01:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013-10-09 01:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013-10-09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013-10-02 10:48:52 | 003,998,704 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_pl_20\tuto4pc_pl_20.exe
MOD - [2013-08-26 15:48:54 | 003,154,416 | ---- | M] () -- C:\Users\Dom\AppData\Local\tuto4pc_pl_17\upt4pc_pl_17.exe
MOD - [2013-08-26 15:48:48 | 003,965,936 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_pl_17\tuto4pc_pl_17.exe
MOD - [2009-02-27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013-08-30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2013-07-02 01:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2013-06-12 19:35:46 | 000,286,208 | -HS- | M] () [Auto | Stopped] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:[b]64bit:[/b] - [2013-05-04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013-05-04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2013-04-09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2013-03-02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013-03-02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2013-01-10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2013-01-10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2012-09-20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2012-09-20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2012-07-26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-09-26 21:44:48 | 000,206,616 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2013-09-05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-12-14 01:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-07-26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-07-26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010-01-25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013-08-30 08:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013-08-30 08:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013-08-30 08:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013-08-30 08:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013-08-30 08:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013-08-30 08:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013-08-30 08:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013-08-30 08:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2013-05-04 08:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2013-05-04 08:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2013-05-04 08:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2013-03-02 11:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2013-03-02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013-03-02 11:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013-03-02 11:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2013-03-02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2013-02-02 08:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013-01-10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2012-12-14 01:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012-11-27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2012-11-20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2012-11-06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2012-10-12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-10-11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2012-10-11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2012-09-20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2012-09-20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2012-09-20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2012-07-26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-07-26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012-07-26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2012-07-26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2012-07-26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2012-07-26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012-07-26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2012-07-26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2012-07-26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2012-07-26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2012-07-26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2012-07-26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2012-07-17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012-06-02 15:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012-06-02 15:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64)
DRV:[b]64bit:[/b] - [2012-02-17 18:36:56 | 000,334,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012-02-17 18:33:38 | 010,657,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=150
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=221884A6C87209B2&affID=125839&tsp=5036
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013-10-02 12:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-06-13 19:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Doko Search (Enabled)
CHR - default_search_provider: search_url = http://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=221884A6C87209B2&affID=125839&tsp=5036
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.doko-search.com/?babsrc=HP_ss&mntrId=221884A6C87209B2&affID=125839&tsp=5036
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Dokumenty Google = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: Google Wallet = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Whilokii) - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\Whilokiibho.dll (Whilokii)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [tuto4pc_pl_17] C:\Program Files (x86)\tuto4pc_pl_17\tuto4pc_pl_17.exe ()
O4 - HKLM..\Run: [tuto4pc_pl_20] C:\Program Files (x86)\tuto4pc_pl_20\tuto4pc_pl_20.exe ()
O4 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.)
O4 - HKLM..\RunOnce: [upt4pc_pl_17.exe] C:\Users\Dom\AppData\Local\tuto4pc_pl_17\upt4pc_pl_17.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 0
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C782E584-FFC2-4113-B950-9FA193A056F2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6675b65b-39b6-11e3-bea9-84a6c87209b5}\Shell - "" = AutoRun
O33 - MountPoints2\{6675b65b-39b6-11e3-bea9-84a6c87209b5}\Shell\AutoRun\command - "" = "E:\iStudio.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-10-23 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\NapiProjekt
[2013-10-22 21:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-10-21 13:44:32 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013-10-21 13:44:20 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013-10-21 13:44:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013-10-21 13:44:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013-10-21 13:44:18 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013-10-21 13:44:18 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013-10-21 13:44:17 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013-10-21 13:44:17 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013-10-21 13:44:08 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013-10-21 13:44:08 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013-10-20 20:27:19 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Filmy
[2013-10-20 19:39:15 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\filmy z kamery
[2013-10-16 20:45:15 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Samorząd Szkolny
[2013-10-15 18:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013-10-15 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa
[2013-10-15 18:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013-10-15 18:30:24 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Winamp
[2013-10-15 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013-10-15 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\MetaCrawler
[2013-10-15 18:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\metaCrawler
[2013-10-15 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ALLConverter
[2013-10-15 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NapiProjekt
[2013-10-15 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLConverter PRO
[2013-10-15 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ALLMediaServer
[2013-10-15 18:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLMediaServer
[2013-10-15 18:17:27 | 000,276,992 | ---- | C] (IntelleSoft) -- C:\Windows\SysWow64\BugTrap.dll
[2013-10-15 18:17:23 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ALLPlayer
[2013-10-15 18:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLPlayer
[2013-10-15 18:09:07 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Adobe
[2013-10-15 18:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013-10-15 18:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013-10-15 18:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013-10-09 09:14:20 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\11 listopada

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-11-07 19:06:18 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-11-07 18:51:26 | 001,794,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-11-07 18:51:26 | 000,794,946 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-11-07 18:51:26 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-11-07 18:51:26 | 000,159,530 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-11-07 18:51:26 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-11-07 18:48:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-11-07 18:46:51 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-11-07 18:46:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-11-07 18:46:35 | 3328,917,504 | -HS- | M] () -- C:\hiberfil.sys
[2013-11-06 12:29:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\MetaCrawler.job
[2013-11-06 11:59:01 | 000,087,094 | -H-- | M] () -- C:\Windows\SysNative\KMSWrapper64.dll
[2013-11-06 10:15:20 | 000,278,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-10-15 18:30:47 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013-10-15 18:28:23 | 000,356,754 | ---- | M] () -- C:\Users\Dom\AppData\Local\metacrawler-speeddial.crx
[2013-10-15 18:18:01 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\ALLConverter PRO.lnk
[2013-10-15 18:17:55 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ALL Media Server.lnk
[2013-10-15 18:17:36 | 000,001,035 | ---- | M] () -- C:\Users\Dom\Desktop\ALLPlayer.lnk
[2013-10-15 18:07:21 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-11-06 11:59:01 | 000,087,094 | -H-- | C] () -- C:\Windows\SysNative\KMSWrapper64.dll
[2013-10-23 20:29:39 | 000,278,944 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-10-15 18:30:47 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013-10-15 18:28:38 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\MetaCrawler.job
[2013-10-15 18:28:34 | 000,356,754 | ---- | C] () -- C:\Users\Dom\AppData\Local\metacrawler-speeddial.crx
[2013-10-15 18:18:01 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\ALLConverter PRO.lnk
[2013-10-15 18:17:55 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ALL Media Server.lnk
[2013-10-15 18:17:36 | 000,001,035 | ---- | C] () -- C:\Users\Dom\Desktop\ALLPlayer.lnk
[2013-10-15 18:17:27 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013-10-15 18:17:27 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013-10-15 18:17:26 | 002,106,368 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2013-10-15 18:07:21 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013-09-11 18:42:20 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013-06-15 15:40:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012-12-14 01:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 01:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-12-14 01:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012-07-26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013-06-15 16:32:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-06 07:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-06 06:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >



OTL Extras logfile created on: 2013-11-07 19:18:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dom\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,88 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 64,81% Memory free
4,13 Gb Paging File | 2,74 Gb Available in Paging File | 66,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 243,80 Gb Total Space | 211,90 Gb Free Space | 86,92% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Usun zawartosc folderu] -- cmd /c "cd /d %1 && del /s /q *.* (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Usun zawartosc folderu] -- cmd /c "cd /d %1 && del /s /q *.* (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B2AE3C-FA4D-48B5-B8F0-ACE248E08F00}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2150DE26-4EF2-47E0-B3F9-86033FB61D23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39F1C5E6-AB71-4D9F-97E9-5CAEB1DE3EE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7658DC92-D774-4F52-BB68-EA55273E64AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F2B9AD0-43C9-4522-BBBA-2D4B47E201A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B8BEE461-BD83-47E2-99D1-E931B85CDB4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAE61325-F5B1-4CE3-AD54-E61CC30781E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB7BC708-8C30-447F-9070-94648EAB4FA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F07A6A2F-9500-40FF-8AC9-AD5F0D4535D6}" = lport=10243 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F4F014-C104-423A-8B23-1F511E56F8F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{080644A5-689D-4F2D-85C5-D7B63C6ABC5E}" = dir=out | name=windows_ie_ac_001 |
"{0F3CF667-4D7E-4A99-889C-B277FADF29B2}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{15DB8DF8-7B76-48CF-ADAB-DA3EF8FD1B15}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{1F02E34D-1B5D-4F39-9A9D-265B974C1BD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20260FF3-D300-435F-A82E-1B548FA75BE3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{223AFC1D-9EF8-4576-8CE4-7A9C5923D473}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{3662B851-558B-49A0-9A8A-9ED20B5C6F99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39AF0258-E370-4CEE-9318-419F7259E1B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51C19C4D-E2FF-4BBD-8764-8F626EE1EC7B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{5D22C856-B3B6-4654-9FF5-ADFB52D2893A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F1AF5C5-7010-407C-A226-363E82CE0085}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D306F22-CD47-4673-A334-312F4A65EFAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{89D58157-47DB-47B7-B402-C748E1BECB06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F747AF7-D49E-421E-8EA4-C65849F64979}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A24BFAFA-6355-4E41-AA68-938DB2DB818F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{A5125247-36DD-41F6-85CA-58328FEE006F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A648ABEC-7C51-455B-A7FC-6CA9C784234A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7010301-2F53-42A9-8CA1-4CB3E1C817C0}" = protocol=6 | dir=out | app=system |
"{BF8D205F-7C9E-4416-B8EE-C11F1C82965A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3A3A99A-7A1E-4563-9B4A-05D581AD0B05}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E217C5A6-862A-4197-90DA-BD268E551028}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F5370A60-B260-43D0-92C9-6AC2ECD57C84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F86E8D99-B326-4EE2-9C82-9CA835E68B7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0415-1000-0000000FF1CE}" = Microsoft Access MUI (Polish) 2013
"{90150000-0016-0415-1000-0000000FF1CE}" = Microsoft Excel MUI (Polish) 2013
"{90150000-0018-0415-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Polish) 2013
"{90150000-0019-0415-1000-0000000FF1CE}" = Microsoft Publisher MUI (Polish) 2013
"{90150000-001A-0415-1000-0000000FF1CE}" = Microsoft Outlook MUI (Polish) 2013
"{90150000-001B-0415-1000-0000000FF1CE}" = Microsoft Word MUI (Polish) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-0415-1000-0000000FF1CE}" = Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski
"{90150000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2013
"{90150000-0044-0415-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Polish) 2013
"{90150000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2013
"{90150000-0090-0415-1000-0000000FF1CE}" = Microsoft DCF MUI (Polish) 2013
"{90150000-00A1-0415-1000-0000000FF1CE}" = Microsoft OneNote MUI (Polish) 2013
"{90150000-00BA-0415-1000-0000000FF1CE}" = Microsoft Groove MUI (Polish) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2013
"{90150000-00E1-0415-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Polish) 2013
"{90150000-00E2-0415-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Polish) 2013
"{90150000-012B-0415-1000-0000000FF1CE}" = Microsoft Lync MUI (Polish) 2013
"CPL Pack" = Kels' Win7 CPL PacK!
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-64)
"KMSpico v6.1_is1" = KMSpico 6.1
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.1.4235
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Polish
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1" = ALLMediaServer
"ALLPlayer_is1" = ALLPlayer V5.X
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"metaCrawler" = metaCrawler
"NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151)
"StartIsBack" = StartIsBack
"tuto4pc_pl_17_is1" = tuto4pc_pl_17
"tuto4pc_pl_20_is1" = tuto4pc_pl_20
"Winamp" = Winamp

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-10-28 05:00:14 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007fcc149d7cf
Identyfikator
procesu powodującego błąd: 0x340  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced3bbf5aab418  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: 5b428848-3faf-11e3-beb2-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-10-28 05:17:30 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007fdd394dfaf
Identyfikator
procesu powodującego błąd: 0x268  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced3be62c40626  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: c4e3cbb8-3fb1-11e3-beb3-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-10-28 16:01:15 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007f871d6d7cf
Identyfikator
procesu powodującego błąd: 0x5ec  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced41849034c83  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: b35931c3-400b-11e3-beb4-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-10-28 16:01:39 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.2.9200.16433,
sygnatura czasowa: 0x50763312  Nazwa modułu powodującego błąd: windows.immersiveshell.serviceprovider.dll,
wersja: 6.2.9200.16384, sygnatura czasowa: 0x50108240  Kod wyjątku: 0x80270233  Przesunięcie
błędu: 0x000000000000854f  Identyfikator procesu powodującego błąd: 0x54c  Godzina
uruchomienia aplikacji powodującej błąd: 0x01ced4184458c260  Ścieżka aplikacji powodującej
błąd: C:\Windows\Explorer.EXE  Ścieżka modułu powodującego błąd: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Identyfikator
raportu: c1b1083e-400b-11e3-beb4-84a6c87209b5  Pełna nazwa pakietu powodującego błąd:
   Identyfikator aplikacji względem pakietu powodującego błąd:

Error - 2013-10-28 16:26:57 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007fc5b1be0df
Identyfikator
procesu powodującego błąd: 0x8c8  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced41be6a38596  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: 4a027b8e-400f-11e3-beb5-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-10-29 13:47:23 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007ff9aa1d87f
Identyfikator
procesu powodującego błąd: 0x7fc  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced4ceb850e6b1  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: 2a02d986-40c2-11e3-beb6-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-10-30 13:54:07 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007f89ffed7cf
Identyfikator
procesu powodującego błąd: 0x168  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced598d66dae58  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: 45701a3d-418c-11e3-beb7-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-11-02 13:55:38 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007f7df23dfaf
Identyfikator
procesu powodującego błąd: 0x51c  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced7f4856c1908  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: fa951924-43e7-11e3-beb8-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-11-03 16:42:05 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007fa57b2dfaf
Identyfikator
procesu powodującego błąd: 0x804  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced8d4fc1ce81a  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: 65f367f2-44c8-11e3-beb9-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-11-04 14:08:56 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007fae8a0d7cf
Identyfikator
procesu powodującego błąd: 0x670  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced988c719b7e1  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: 2b12c180-457c-11e3-beba-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

Error - 2013-11-04 15:36:27 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 5.0.0.0,
sygnatura czasowa: 0x51b921f3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0x00000000  Przesunięcie błędu: 0x000007fd32b5dfaf
Identyfikator
procesu powodującego błąd: 0x600  Godzina uruchomienia aplikacji powodującej błąd:
0x01ced9950052e73d  Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka
modułu powodującego błąd: unknown  Identyfikator raportu: 6553d350-4588-11e3-bebb-84a6c87209b5
Pełna
nazwa pakietu powodującego błąd:   Identyfikator aplikacji względem pakietu powodującego
błąd:

[ System Events ]
Error - 2013-10-28 16:00:47 | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Update Whilokii z powodu następującego
błędu:   %%1053

Error - 2013-10-28 16:01:26 | Computer Name = Computer | Source = Service Control Manager | ID = 7034
Description = Usługa Service KMSELDI niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2013-10-28 16:01:39 | Computer Name = Computer | Source = DCOM | ID = 10010
Description =

Error - 2013-10-28 16:25:15 | Computer Name = Computer | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 2013-10-28 16:25:24 | Computer Name = Computer | Source = BTHUSB | ID = 327710
Description = Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low
Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff.
Funkcja Low Energy zostanie wyłączona.

Error - 2013-10-28 16:26:28 | Computer Name = Computer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Update Whilokii.

Error - 2013-10-28 16:26:28 | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Update Whilokii z powodu następującego
błędu:   %%1053

Error - 2013-10-28 16:27:03 | Computer Name = Computer | Source = Service Control Manager | ID = 7034
Description = Usługa Service KMSELDI niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2013-10-29 13:45:36 | Computer Name = Computer | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 2013-10-29 13:45:44 | Computer Name = Computer | Source = BTHUSB | ID = 327710
Description = Lokalny adapter nie obsługuje ważnego stanu kontrolera funkcji Low
Energy. Minimalna wymagana obsługiwana maska stanu to 0x1f7fffff, a uzyskano 0x1f3fffff.
Funkcja Low Energy zostanie wyłączona.


< End of report >


(the computer belongs to my sister)

I kindly ask for help. (with the computer :wink:)
4_life
~user
 
Posts: 118
Joined: 27 Feb 2007, 18:26



Pop-up ads, pages opening by themselves

Post by ordynat, 07 Nov 2013, 21:11

1) Uninstall:
"tuto4pc_pl_17_is1" = tuto4pc_pl_17
"tuto4pc_pl_20_is1" = tuto4pc_pl_20
"metaCrawler" = metaCrawler

2) Use Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
First click SZUKAJ (Search), and only after the scan has finished, when the USUŃ (Remove) button becomes active, click it.
Post the report from it.

3) Make a new OTL log
ordynat
~user
 
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866



Pop-up ads, pages opening by themselves

Post by 4_life, 07 Nov 2013, 22:38

Code:
OTL logfile created on: 2013-11-07 21:30:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dom\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,88 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 71,41% Memory free
4,13 Gb Paging File | 2,95 Gb Available in Paging File | 71,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 243,80 Gb Total Space | 211,03 Gb Free Space | 86,56% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-11-07 18:51:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Downloads\OTL (1).exe
PRC - [2013-10-09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-10-08 13:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2013-09-05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-01-25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-10-09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013-10-09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013-10-09 01:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013-10-09 01:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013-10-09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013-07-02 01:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2013-06-12 19:35:46 | 000,286,208 | -HS- | M] () [Auto | Stopped] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:[b]64bit:[/b] - [2013-05-04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013-05-04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2013-04-09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2013-03-02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013-03-02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2013-01-10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2013-01-10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2012-09-20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2012-09-20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2012-07-26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:[b]64bit:[/b] - [2012-07-26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-10-08 13:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2013-09-05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-12-14 01:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-07-26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-07-26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010-01-25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013-11-07 20:12:18 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2013-09-27 04:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2013-09-27 03:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2013-09-27 03:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2013-09-26 04:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2013-09-26 03:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\ccSetx64.sys -- (ccSet_NIS)
DRV:[b]64bit:[/b] - [2013-09-10 03:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\SymELAM.sys -- (SymELAM)
DRV:[b]64bit:[/b] - [2013-09-10 03:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2013-09-10 02:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2013-05-04 08:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2013-05-04 08:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2013-05-04 08:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2013-03-02 11:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2013-03-02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013-03-02 11:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013-03-02 11:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2013-03-02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2013-02-02 08:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013-01-10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2012-12-14 01:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012-11-27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2012-11-20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2012-11-06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2012-10-12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-10-11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2012-10-11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2012-09-20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2012-09-20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2012-09-20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2012-07-26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-07-26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012-07-26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012-07-26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2012-07-26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2012-07-26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2012-07-26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012-07-26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2012-07-26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2012-07-26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2012-07-26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2012-07-26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012-07-26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2012-07-26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2012-07-26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2012-07-26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2012-07-17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012-06-02 15:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012-06-02 15:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64)
DRV:[b]64bit:[/b] - [2012-02-17 18:36:56 | 000,334,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012-02-17 18:33:38 | 010,657,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV - [2013-11-07 11:23:34 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131107.003\EX64.SYS -- (NAVEX15)
DRV - [2013-11-07 11:23:34 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013-11-07 11:23:34 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013-11-07 11:23:34 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131107.003\ENG64.SYS -- (NAVENG)
DRV - [2013-11-06 17:54:24 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131106.001\IDSvia64.sys -- (IDSVia64)
DRV - [2013-11-02 00:38:08 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=150
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-07 20:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2013-11-07 20:12:27 | 000,000,000 | ---D | M]

[2013-10-02 12:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-06-13 19:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Doko Search (Enabled)
CHR - default_search_provider: search_url = http://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=221884A6C87209B2&affID=125839&tsp=5036
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Dokumenty Google = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: Norton Identity Protection = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: Google Wallet = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 0
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-960420057-1848288727-2868747228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C782E584-FFC2-4113-B950-9FA193A056F2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6675b65b-39b6-11e3-bea9-84a6c87209b5}\Shell - "" = AutoRun
O33 - MountPoints2\{6675b65b-39b6-11e3-bea9-84a6c87209b5}\Shell\AutoRun\command - "" = "E:\iStudio.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-11-07 20:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013-11-07 20:12:18 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013-11-07 20:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013-11-07 20:11:55 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys
[2013-11-07 20:11:55 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys
[2013-11-07 20:11:55 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys
[2013-11-07 20:11:55 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys
[2013-11-07 20:11:55 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys
[2013-11-07 20:11:55 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys
[2013-11-07 20:11:55 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys
[2013-11-07 20:11:55 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymELAM.sys
[2013-11-07 20:11:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013-11-07 20:11:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1501000.012
[2013-11-07 20:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013-11-07 20:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-11-07 20:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-11-07 20:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013-11-07 20:09:50 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013-11-07 19:43:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-11-07 19:42:53 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\logi
[2013-10-23 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\NapiProjekt
[2013-10-22 21:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-10-21 13:44:32 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013-10-21 13:44:20 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013-10-21 13:44:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013-10-21 13:44:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013-10-21 13:44:18 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013-10-21 13:44:18 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013-10-21 13:44:17 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013-10-21 13:44:17 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013-10-21 13:44:08 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013-10-21 13:44:08 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013-10-20 20:27:19 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Filmy
[2013-10-20 19:39:15 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\filmy z kamery
[2013-10-16 20:45:15 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Samorząd Szkolny
[2013-10-15 18:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013-10-15 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa
[2013-10-15 18:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013-10-15 18:30:24 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Winamp
[2013-10-15 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013-10-15 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ALLConverter
[2013-10-15 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NapiProjekt
[2013-10-15 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLConverter PRO
[2013-10-15 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ALLMediaServer
[2013-10-15 18:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLMediaServer
[2013-10-15 18:17:27 | 000,276,992 | ---- | C] (IntelleSoft) -- C:\Windows\SysWow64\BugTrap.dll
[2013-10-15 18:17:23 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ALLPlayer
[2013-10-15 18:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLPlayer
[2013-10-15 18:09:07 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Adobe
[2013-10-15 18:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013-10-15 18:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013-10-15 18:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013-10-09 09:14:20 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\11 listopada

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-11-07 21:24:13 | 001,794,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-11-07 21:24:13 | 000,794,946 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-11-07 21:24:13 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-11-07 21:24:13 | 000,159,530 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-11-07 21:24:13 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-11-07 21:21:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-11-07 21:20:04 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-11-07 21:19:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-11-07 21:19:42 | 3328,917,504 | -HS- | M] () -- C:\hiberfil.sys
[2013-11-07 21:06:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-11-07 20:12:26 | 002,361,033 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2013-11-07 20:12:18 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013-11-07 20:12:18 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013-11-07 20:12:18 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013-11-06 11:59:01 | 000,087,094 | -H-- | M] () -- C:\Windows\SysNative\KMSWrapper64.dll
[2013-11-06 10:15:20 | 000,278,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-10-31 20:21:50 | 000,017,830 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\VT20131031.017
[2013-10-15 18:30:47 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013-10-15 18:28:23 | 000,356,754 | ---- | M] () -- C:\Users\Dom\AppData\Local\metacrawler-speeddial.crx
[2013-10-15 18:18:01 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\ALLConverter PRO.lnk
[2013-10-15 18:17:55 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ALL Media Server.lnk
[2013-10-15 18:17:36 | 000,001,035 | ---- | M] () -- C:\Users\Dom\Desktop\ALLPlayer.lnk
[2013-10-15 18:07:21 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013-10-11 17:19:02 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\isolate.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-11-07 20:36:35 | 000,017,830 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\VT20131031.017
[2013-11-07 20:12:21 | 002,361,033 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2013-11-07 20:12:18 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013-11-07 20:12:18 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013-11-07 20:11:46 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA.inf
[2013-11-07 20:11:46 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS.inf
[2013-11-07 20:11:46 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymNet.inf
[2013-11-07 20:11:46 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.inf
[2013-11-07 20:11:46 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.inf
[2013-11-07 20:11:46 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symELAM.inf
[2013-11-07 20:11:46 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.inf
[2013-11-07 20:11:46 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Iron.inf
[2013-11-07 20:11:30 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymVTcer.dat
[2013-11-07 20:11:29 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymELAM64.cat
[2013-11-07 20:11:29 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.cat
[2013-11-07 20:11:29 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.cat
[2013-11-07 20:11:29 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.cat
[2013-11-07 20:11:29 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnet64.cat
[2013-11-07 20:11:29 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.cat
[2013-11-07 20:11:29 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.cat
[2013-11-07 20:11:29 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\iron.cat
[2013-11-07 20:11:29 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\isolate.ini
[2013-11-06 11:59:01 | 000,087,094 | -H-- | C] () -- C:\Windows\SysNative\KMSWrapper64.dll
[2013-10-23 20:29:39 | 000,278,944 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-10-15 18:30:47 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013-10-15 18:28:34 | 000,356,754 | ---- | C] () -- C:\Users\Dom\AppData\Local\metacrawler-speeddial.crx
[2013-10-15 18:18:01 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\ALLConverter PRO.lnk
[2013-10-15 18:17:55 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ALL Media Server.lnk
[2013-10-15 18:17:36 | 000,001,035 | ---- | C] () -- C:\Users\Dom\Desktop\ALLPlayer.lnk
[2013-10-15 18:17:27 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013-10-15 18:17:27 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013-10-15 18:17:26 | 002,106,368 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2013-10-15 18:07:21 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013-09-11 18:42:20 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013-06-15 15:40:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012-12-14 01:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 01:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-12-14 01:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012-07-26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013-06-15 16:32:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-06 07:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-06 06:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
4_life
~user
 
Posts: 118
Joined: 27 Feb 2007, 18:26



Pop-up ads, pages opening on their own

Post by ordynat 07 Nov 2013, 23:02

Cleanup:
Run OTL and paste this into the Custom Scans/Fixes (Własne opcje skanowania/Skrypt) box:
:OTL
[2013-10-15 18:28:34 | 000,356,754 | ---- | C] () -- C:\Users\Dom\AppData\Local\metacrawler-speeddial.crx
O20:64bit: - AppInit_DLLs: (c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll) - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

:Commands
[emptytemp]

Click Run Fix (Wykonaj Skrypt).
No need to post the report from this one.

Finishing up:
In Adw-Cleaner, click the Uninstall (Odinstaluj) button.
In OTL, click the CleanUp (Sprzątanie) button - this will remove it together with its quarantine.
ordynat
~user
 
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866



Pop-up ads, pages opening on their own

Post by AnetaH89 08 Nov 2013, 15:48

Hi, I have a problem with my computer: pop-up windows, ads. I'm a complete beginner when it comes to these things and unfortunately I have no one who could help me. I also don't know what is needed at this point for someone to be able to diagnose what exactly the problem is. So if any of you would like to take on helping me, please be understanding because, as I mentioned earlier, I know little about computers. Regards
AnetaH89
~user
 
Posts: 1
Joined: 08 Nov 2013, 15:45



Pop-up ads, pages opening on their own

Post by XMan 1 08 Nov 2013, 16:23

@AnetaH89

It would be best if you started a new topic instead of "piggybacking" on this one, because you may have a different computer and you may also have other problems.
The Security section differs from the others in that you have to start new topics :wink:
Another option is for a Moderator or Administrator to move your post to a new topic, which you then expand by providing the appropriate logs etc.
I do not tolerate vulgarity, rudeness or lies.
"Less adrenaline, more endorphins"

Regards.
XMan 1
~user
 
Posts: 681
Joined: 11 Oct 2013, 20:39
Location: PL
Commendations: 40



