GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-30 12:41:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000006b ST350064 rev.3.AC 465,76GB Running: nl5me12b.exe; Driver: C:\Users\Domek\AppData\Local\Temp\kwddikog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[532] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0xffffffff88f8e890} .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0xffffffff88f8e590} .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 
00000000770e2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0xffffffff88f8e090} .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000100070400 .text 
C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000077240460 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000000772403e0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Windows\System32\svchost.exe[944] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000000772402e0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000000772403c0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 
00000000772402b0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000077240490 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Windows\System32\svchost.exe[944] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000077240400 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Windows\System32\svchost.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 
0000000077240460 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000000772403e0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000000772402e0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000000772403c0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[976] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000000772402b0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 
0000000077240490 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000077240400 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Windows\System32\svchost.exe[976] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Windows\System32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000001000702d0 
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0xffffffff88f8e890} .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0xffffffff88f8e590} .text C:\Windows\system32\svchost.exe[1004] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0xffffffff88f8e090} .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 
bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000077240460 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000000772403e0 .text 
C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000000772402e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000000772403c0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 
00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000000772402b0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000077240490 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Windows\system32\svchost.exe[112] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000077240400 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Windows\system32\svchost.exe[112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Windows\system32\svchost.exe[112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text 
C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000077240460 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000000772403e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000000772402e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000000772403c0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
+ 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000000772402b0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text 
C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000077240490 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000077240400 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Windows\system32\svchost.exe[1120] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0xffffffff88f8e890} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0xffffffff88f8e590} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0xffffffff88f8e090} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
00000000770e2a80 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000077240460 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000000772403e0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 
00000000772402e0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000000772403c0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000000772402b0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[1576] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000077240490 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 0000000077240400 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Windows\Explorer.EXE[1576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Windows\Explorer.EXE[1576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770b3ae0 5 bytes JMP 00000001002b075c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770b7a90 5 bytes JMP 00000001002b03a4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000077240460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000770e1490 5 bytes JMP 00000001002b0b14 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770e14f0 5 bytes JMP 00000001002b0ecc .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000001002b163c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000000772402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000000772403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] 
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000770e1810 5 bytes JMP 00000001002b1284 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000000772402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 
00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000077240490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 00000001002b19f4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2544] 
C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1952] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000757aa30a 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5524] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000077240460 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 00000000772403e0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000000772402e0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes 
JMP 00000000772403c0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000000772402b0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Windows\system32\AUDIODG.EXE[4000] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000077240490 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 
0000000077240400 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Windows\system32\AUDIODG.EXE[4000] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770b3ae0 5 bytes JMP 000000010024075c .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770b7a90 5 bytes JMP 00000001002403a4 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770e13c0 5 bytes JMP 0000000077240460 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770e1410 5 bytes JMP 0000000077240450 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000770e1490 5 bytes JMP 0000000100240b14 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770e14f0 5 bytes JMP 0000000100240ecc .text C:\Windows\system32\taskhost.exe[1656] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770e1570 5 bytes JMP 0000000077240370 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770e15c0 5 bytes JMP 0000000077240470 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770e15d0 5 bytes JMP 000000010024163c .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770e1680 5 bytes JMP 0000000077240320 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770e16b0 5 bytes JMP 00000000772403b0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770e16d0 5 bytes JMP 0000000077240390 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770e1710 5 bytes JMP 00000000772402e0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770e1790 5 bytes JMP 00000000772402d0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770e17b0 5 bytes JMP 0000000077240310 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770e17f0 5 bytes JMP 00000000772403c0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000770e1810 5 bytes JMP 0000000100241284 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770e1840 5 bytes JMP 00000000772403f0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770e19a0 1 byte JMP 0000000077240230 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770e19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 
00000000770e1b60 5 bytes JMP 0000000077240480 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770e1b90 5 bytes JMP 00000000772403a0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770e1c70 5 bytes JMP 00000000772402f0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770e1c80 5 bytes JMP 0000000077240350 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770e1ce0 5 bytes JMP 0000000077240290 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770e1d70 5 bytes JMP 00000000772402b0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770e1d90 5 bytes JMP 00000000772403d0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770e1da0 1 byte JMP 0000000077240330 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770e1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770e1e10 5 bytes JMP 0000000077240410 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770e1e40 5 bytes JMP 0000000077240240 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770e2100 5 bytes JMP 00000000772401e0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770e21c0 1 byte JMP 0000000077240250 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770e21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770e21f0 5 bytes JMP 0000000077240490 .text 
C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770e2200 5 bytes JMP 00000000772404a0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770e2230 5 bytes JMP 0000000077240300 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770e2240 5 bytes JMP 0000000077240360 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770e22a0 5 bytes JMP 00000000772402a0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770e22f0 5 bytes JMP 00000000772402c0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770e2320 5 bytes JMP 0000000077240380 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770e2330 5 bytes JMP 0000000077240340 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770e2620 5 bytes JMP 0000000077240440 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770e2820 5 bytes JMP 0000000077240260 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770e2830 5 bytes JMP 0000000077240270 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770e2840 5 bytes JMP 00000001002419f4 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770e2a00 5 bytes JMP 00000000772401f0 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770e2a10 5 bytes JMP 0000000077240210 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770e2a80 5 bytes JMP 0000000077240200 .text C:\Windows\system32\taskhost.exe[1656] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770e2ae0 5 bytes JMP 0000000077240420 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770e2af0 5 bytes JMP 0000000077240430 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770e2b00 5 bytes JMP 0000000077240220 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770e2be0 5 bytes JMP 0000000077240280 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe486e00 5 bytes JMP 000007ff7e4a1dac .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe486f2c 5 bytes JMP 000007ff7e4a0ecc .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe487220 5 bytes JMP 000007ff7e4a1284 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe48739c 5 bytes JMP 000007ff7e4a163c .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe487538 5 bytes JMP 000007ff7e4a19f4 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe4875e8 5 bytes JMP 000007ff7e4a03a4 .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe48790c 5 bytes JMP 000007ff7e4a075c .text C:\Windows\system32\taskhost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe487ab4 5 bytes JMP 000007ff7e4a0b14 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007728faa0 5 bytes JMP 0000000100030600 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] 
C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007728fb38 5 bytes JMP 0000000100030804 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc90 5 bytes JMP 0000000100030c0c .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077290018 5 bytes JMP 0000000100030a08 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077291900 5 bytes JMP 0000000100030e10 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772ac45a 5 bytes JMP 00000001000301f8 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772b1217 5 bytes JMP 00000001000303fc .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000757aa30a 1 byte [62] .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075945181 5 bytes JMP 00000001001d1014 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075945254 5 bytes JMP 00000001001d0804 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000759453d5 5 bytes JMP 00000001001d0a08 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000759454c2 5 bytes JMP 00000001001d0c0c .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000759455e2 5 bytes JMP 00000001001d0e10 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007594567c 5 bytes JMP 00000001001d01f8 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007594589f 5 bytes JMP 00000001001d03fc .text 
C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075945a22 5 bytes JMP 00000001001d0600 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075c2ee09 5 bytes JMP 00000001001e01f8 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075c33982 5 bytes JMP 00000001001e03fc .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075c37603 5 bytes JMP 00000001001e0804 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075c3835c 5 bytes JMP 00000001001e0600 .text C:\Users\Domek\Desktop\nl5me12b.exe[1564] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075c4f52b 5 bytes JMP 00000001001e0a08 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [944:416] 000007fefba7f2f4 Thread C:\Windows\System32\svchost.exe [944:376] 000007fefb8a6204 Thread C:\Windows\System32\svchost.exe [944:1144] 000007fefafa2070 Thread C:\Windows\System32\svchost.exe [944:1168] 000007fefae15428 Thread C:\Windows\System32\svchost.exe [944:5712] 000007fef8525fd0 Thread C:\Windows\System32\svchost.exe [944:3080] 000007fefec8c608 Thread C:\Windows\System32\svchost.exe [944:4572] 000007fef2c96b8c Thread C:\Windows\System32\svchost.exe [944:4560] 000007fef2c91d88 Thread C:\Windows\System32\svchost.exe [944:4024] 000007fefae6a828 Thread C:\Windows\System32\svchost.exe [976:1272] 000007fef6f744e0 Thread C:\Windows\System32\svchost.exe [976:5004] 000007fef2c720c0 Thread C:\Windows\System32\svchost.exe [976:5036] 000007fef2c726a8 Thread C:\Windows\System32\svchost.exe [976:5048] 000007fef2c729dc Thread C:\Windows\System32\svchost.exe [976:5052] 000007fef2c729dc Thread C:\Windows\System32\svchost.exe [976:5436] 000007fef0833efc Thread C:\Windows\System32\svchost.exe [976:5296] 000007fef08d8a4c Thread C:\Windows\System32\svchost.exe [976:5920] 
000007fef82988f8 Thread C:\Windows\System32\svchost.exe [976:3728] 000007fef6f98730 Thread C:\Windows\System32\svchost.exe [976:5616] 000007fef6f8d710 Thread C:\Windows\system32\svchost.exe [1004:5516] 000007fef0a7d3c8 Thread C:\Windows\system32\svchost.exe [1004:5648] 000007fef0a7d3c8 Thread C:\Windows\system32\svchost.exe [1004:5512] 000007fef0a7d3c8 Thread C:\Windows\system32\svchost.exe [1004:5572] 000007fef0a7d3c8 Thread C:\Windows\system32\svchost.exe [112:1652] 000007fef7d01e00 Thread C:\Windows\system32\svchost.exe [112:1680] 000007fef9061a50 Thread C:\Windows\system32\svchost.exe [112:1500] 000007fefc8d1a70 Thread C:\Windows\system32\svchost.exe [112:2920] 000007fef3ae84d8 Thread C:\Windows\system32\svchost.exe [112:2936] 000007fefc8d1a70 Thread C:\Windows\system32\svchost.exe [112:2236] 000007fef3aa23a8 Thread C:\Windows\system32\svchost.exe [112:2572] 000007fef3b90d00 Thread C:\Windows\system32\svchost.exe [112:2500] 000007fef34b9498 Thread C:\Windows\system32\svchost.exe [112:5152] 000007fef203506c Thread C:\Windows\system32\svchost.exe [112:5156] 000007fef7121c20 Thread C:\Windows\system32\svchost.exe [112:5160] 000007fef7121c20 Thread C:\Windows\system32\svchost.exe [112:5820] 000007fef7965124 Thread C:\Windows\system32\svchost.exe [112:4056] 000007fef4d24164 Thread C:\Windows\system32\svchost.exe [112:2512] 000007fef5cf17f8 Thread C:\Windows\system32\svchost.exe [112:3636] 000007fef5cf17f8 Thread C:\Windows\system32\svchost.exe [1120:1148] 000007fefaf4341c Thread C:\Windows\system32\svchost.exe [1120:1156] 000007fefaf43a2c Thread C:\Windows\system32\svchost.exe [1120:1164] 000007fefaf45c20 Thread C:\Windows\system32\svchost.exe [1120:1964] 000007fef831bd88 Thread C:\Windows\system32\svchost.exe [1120:2340] 000007fefbe983d8 Thread C:\Windows\system32\svchost.exe [1120:2344] 000007fefbe983d8 Thread C:\Windows\system32\svchost.exe [1120:3048] 000007fef3913f1c Thread C:\Windows\system32\svchost.exe [1120:3064] 000007fef38e1a38 Thread 
C:\Windows\system32\svchost.exe [1120:3068] 000007fef37c5388 Thread C:\Windows\system32\svchost.exe [1120:1076] 000007fef37a7738 Thread C:\Windows\system32\svchost.exe [1120:2228] 000007fef3791f90 Thread C:\Windows\system32\svchost.exe [1120:844] 000007fef8a25170 Thread C:\Windows\system32\svchost.exe [1120:5200] 000007fef7965124 Thread C:\Windows\System32\spoolsv.exe [1720:2588] 000007fef2ba10c8 Thread C:\Windows\System32\spoolsv.exe [1720:1520] 000007fef2b76144 Thread C:\Windows\System32\spoolsv.exe [1720:1332] 000007fef8525fd0 Thread C:\Windows\System32\spoolsv.exe [1720:2744] 000007fef2b53438 Thread C:\Windows\System32\spoolsv.exe [1720:2748] 000007fef85263ec Thread C:\Windows\System32\spoolsv.exe [1720:2616] 000007fef2df5e5c Thread C:\Windows\System32\spoolsv.exe [1720:2752] 000007fef37d5074 Thread C:\Windows\System32\spoolsv.exe [1720:3056] 000007fef3842288 Thread C:\Windows\system32\svchost.exe [1748:2024] 000007fef89735c0 Thread C:\Windows\system32\svchost.exe [1748:4944] 000007fef8975600 Thread C:\Windows\system32\svchost.exe [1748:5080] 000007fef1fc2888 Thread C:\Windows\system32\svchost.exe [1748:2140] 000007fef2012940 Thread C:\Windows\system32\svchost.exe [1748:5380] 000007fef1fc2a40 Thread C:\Windows\system32\svchost.exe [1976:2128] 000007fef8525fd0 Thread C:\Windows\system32\svchost.exe [1976:2364] 000007fef85263ec Thread C:\Windows\system32\svchost.exe [1976:5192] 000007fef1df8470 Thread C:\Windows\system32\svchost.exe [1976:5196] 000007fef1e02418 Thread C:\Windows\system32\svchost.exe [1976:2132] 000007fef107f130 Thread C:\Windows\system32\svchost.exe [1976:5728] 000007fef1074734 Thread C:\Windows\system32\svchost.exe [1976:4444] 000007fef1074734 Thread C:\Windows\System32\svchost.exe [2300:4772] 000007fef1209688 Thread C:\Windows\system32\SearchIndexer.exe [3332:5472] 000007fef8a25170 Thread C:\Windows\system32\SearchIndexer.exe [3332:6060] 000007fef26069ac Thread C:\Windows\system32\SearchIndexer.exe [3332:6072] 000007fef23d3dac Thread 
C:\Windows\system32\SearchIndexer.exe [3332:6076] 000007fef23d1700 Thread C:\Windows\system32\SearchIndexer.exe [3332:6080] 000007fef23fc4ac Thread C:\Windows\system32\SearchIndexer.exe [3332:2400] 000007fef23fb248 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5524:5408] 000007fefe990168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5524:6020] 000007fefe990168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5524:5856] 000007fefac22a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5524:5824] 000007feeec7d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5524:1268] 000007fef7965124 Thread C:\Windows\System32\svchost.exe [1216:4440] 000007fef7969874 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4268:4236] 0000000075947587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4268:4196] 0000000071d30cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4268:4328] 00000000772c2e25 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4268:5884] 00000000772c3e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4268:3196] 00000000772c3e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4268:4880] 00000000772c3e45 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 132 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 1418887 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{68A20609-B558-4C65-8133-E5F437B82532}@LeaseObtainedTime 1375178012 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{68A20609-B558-4C65-8133-E5F437B82532}@T1 1375178139 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{68A20609-B558-4C65-8133-E5F437B82532}@T2 1375178235 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{68A20609-B558-4C65-8133-E5F437B82532}@LeaseTerminatesTime 1375178267 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CFD3EE43-557B-4D95-951F-5FCE8D76E5E1}@LeaseObtainedTime 1375178045 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CFD3EE43-557B-4D95-951F-5FCE8D76E5E1}@T1 1375178172 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CFD3EE43-557B-4D95-951F-5FCE8D76E5E1}@T2 1375178268 Reg 
HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CFD3EE43-557B-4D95-951F-5FCE8D76E5E1}@LeaseTerminatesTime 1375178300 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 132 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 1418887 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! 
Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. ---- EOF - GMER 2.1 ----