Still shrinking free space on C drive


  • Still shrinking free space on C drive

    Hello everyone,

    On 5 May 2014 I reported that my C drive kept getting smaller for unexplained reasons. After Emphyrio had established that there was no malware on the laptop, he concluded that Windows was the cause. See: http://www.nucia.eu/forum/threads/71...120#post696120 .

    Since then I have been confronted with the same problem continuously for more than a year. The C drive fluctuated between 2 and 3 Gb, and for the last three months between 1 and 2 Gb. Cleaning with CCleaner and defragmenting yield at most an increase of 500 MB in the space on the C drive each time.

    Yesterday the free space on the C drive was 840 Mb and, after CCleaner and defragmentation, 1.15 GB. I then took the laptop to another location. When I started the laptop there this morning, the free space was suddenly 4.15 Gb. The free space has not been that large at any point in 2015.

    I also find it remarkable that since May 2014 I have no longer been able to update my virus scanner F-Secure. That option has been blocked since then. I have F-Secure through XS4ALL and it should simply work normally.

    I have just had Malwarebytes scan the laptop, but no threats were found. For completeness I point out that Malwarebytes scanned 94,600 files. During the heuristic analysis that number rose to 429,600 files. That seems like an awful lot to me.

    There are 118 programs installed on the laptop, which take up 3.04 Gb in total. The total size of the C drive is 69.9 Gb.

    Just as on 5 May 2014, I am still convinced that there is something on my computer that does not belong there, or that someone from outside has access to my C drive. I would like to hear from you what to do.

    Thank you very much in advance for all your time and effort.

    TAB1963

  • #2
    The first step is to follow this guideline:

    !!! IMPORTANT !!!: Read this first before you post a message here!

    Post the requested logs.

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scandatum: 19-7-2015
      Scantijd: 10:53
      Logboekbestand: mbamlog.txt
      Beheerder: Ja

      Versie: 2.1.8.1057
      Malware-database: v2015.07.19.01
      Rootkit-database: v2015.07.17.01
      Licentie: Gratis
      Malware-bescherming: Uitgeschakeld
      Bescherming tegen kwaadaardige websites: Uitgeschakeld
      Zelfbescherming: Uitgeschakeld

      Besturingssysteem: Windows 7 Service Pack 1
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: TAB

      Scantype: Aangepaste scan
      Resultaat: Voltooid
      Objecten gescand: 658653
      Verstreken tijd: 3 u., 6 min, 10 sec

      Geheugen: Ingeschakeld
      Opstarten: Ingeschakeld
      Bestandssysteem: Ingeschakeld
      Archieven: Ingeschakeld
      Rootkits: Ingeschakeld
      Heuristiek: Ingeschakeld
      POP: Ingeschakeld
      POA: Ingeschakeld

      Processen: 0
      (Geen kwaadaardige items gedetecteerd)

      Modules: 0
      (Geen kwaadaardige items gedetecteerd)

      Registersleutels: 0
      (Geen kwaadaardige items gedetecteerd)

      Registerwaarden: 0
      (Geen kwaadaardige items gedetecteerd)

      Registerdata: 0
      (Geen kwaadaardige items gedetecteerd)

      Mappen: 0
      (Geen kwaadaardige items gedetecteerd)

      Bestanden: 2
      PUP.Optional.APNToolBar.A, C:\Users\TAB\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab , In quarantaine, [712c29ba1377c76fd89aa8ff60a146ba],
      PUP.Optional.DealioTB.A, D:\Users\TAB\Downloads\YouTubeDownloaderSetup251.exe, In quarantaine, [47561ac997f3eb4b9c77f74f966f8f71],

      Fysieke Sectoren: 0
      (Geen kwaadaardige items gedetecteerd)


      (end)


      # AdwCleaner v4.208 - Logbestand aangemaakt 19/07/2015 op 14:17:21
      # Laatste update 09/07/2015 door Xplode
      # Database : 2015-07-15.1 [Server]
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
      # Gebruikersnaam : TAB - TAB-PC
      # Gestart vanuit : C:\Users\TAB\Desktop\adwcleaner_4.208.exe
      # Optie : Verwijderen

      ***** [ Services ] *****

      [#] Service Verwijderd : YahooAUService
      [#] Service Verwijderd : mcaudrv_simple
      [#] Service Verwijderd : ManyCam

      ***** [ Bestanden / Mappen ] *****

      Bestand Verwijderd : C:\Windows\System32\drivers\mcaudrv_x64.sys

      ***** [ Geplande taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKCU\Software\OCS

      ***** [ Webbrowsers ] *****

      -\\ Internet Explorer v11.0.9600.17909


      -\\ Mozilla Firefox v39.0 (x86 nl)


      *************************

      AdwCleaner[R0].txt - [18893 bytes] - [05/05/2014 15:51:35]
      AdwCleaner[R1].txt - [1146 bytes] - [19/07/2015 14:15:15]
      AdwCleaner[S0].txt - [19055 bytes] - [05/05/2014 15:52:34]
      AdwCleaner[S1].txt - [1050 bytes] - [19/07/2015 14:17:21]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1109 bytes] ##########



      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.31.2
      Run by TAB at 14:24:14 on 2015-07-19
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.1377 [GMT 2:00]
      .
      AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
      SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\WLANExt.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
      C:\Windows\System32\svchost.exe -k utcsvc
      C:\Program Files (x86)\F-Secure\fshoster32.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
      C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
      C:\Program Files (x86)\F-Secure\fshoster32.exe
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Windows\system32\GWX\GWX.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
      C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
      C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
      C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
      C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\igfxext.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
      C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
      C:\Windows\SysWOW64\RunDll32.exe
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\svchost.exe -k swprv
      C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
      C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
      C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
      C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
      C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      C:\Windows\sysWOW64\wbem\wmiprvse.exe
      C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://samsung.msn.com
      BHO: Xs4all Online Safety: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
      BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
      TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
      uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
      mRun: [F-Secure Hoster (54599)] "C:\Program Files (x86)\F-Secure\fshoster32.exe" -app -hosterid:1
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
      IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
      IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
      IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
      DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
      TCP: NameServer = 192.168.178.1
      TCP: Interfaces\{D88B6D07-B42F-4016-A853-944085FB95CF} : DHCPNameServer = 192.168.178.1
      TCP: Interfaces\{D88B6D07-B42F-4016-A853-944085FB95CF}\64259445A51224F6870264F6E60275C414E40273336303 : DHCPNameServer = 192.168.178.1
      TCP: Interfaces\{E91EA3E8-0AB5-4467-AA08-E4E47BA7B5CE} : DHCPNameServer = 192.168.178.1
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\TAB\AppData\Roaming\Mozilla\Firefox\Profiles\flnocixi.default\
      FF - prefs.js: browser.search.selectedEngine - Bing
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Windows\System32\npmirage.dll
      FF - plugin: C:\Windows\System32\npmproxy.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
      R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-11 121432]
      R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-5-14 376184]
      R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2014-11-4 69960]
      R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-9-3 13248]
      R1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-6-25 917112]
      R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
      R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
      R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-3-15 13824]
      R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
      R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\F-Secure\fshoster32.exe [2013-10-30 191528]
      R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2012-8-6 60352]
      R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-6-2 2222360]
      R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
      R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
      R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
      R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-15 2656280]
      R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-7-28 349736]
      R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-28 39464]
      R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-11-10 31088]
      R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-9-3 202792]
      R3 fsni;fsni;C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [2014-6-19 86056]
      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-7 25816]
      R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-5-14 266328]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-15 412264]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-19 1133880]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
      S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
      S3 fsccsys1346691823;F-Secure Content Control Driver;C:\Windows\System32\drivers\fsccsys.sys [2012-9-3 58424]
      S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-24 57280]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-17 114688]
      S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
      S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
      S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-19 63704]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-21 19456]
      S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2011-7-28 166704]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 56832]
      S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-29 1255736]
      .
      =============== Created Last 30 ================
      .
      2015-07-17 17:14:32 -------- d-----w- C:\Program Files\CCleaner
      2015-07-17 17:08:45 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2015-07-17 17:07:53 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
      2015-07-17 17:06:58 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
      2015-07-17 17:06:58 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2015-07-17 17:06:57 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
      2015-07-17 17:06:56 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
      2015-07-17 17:03:51 429568 ----a-w- C:\Windows\System32\wksprt.exe
      2015-07-17 17:03:47 7077376 ----a-w- C:\Windows\System32\mstscax.dll
      2015-07-17 17:03:35 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
      2015-07-17 17:03:30 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
      2015-07-17 17:03:28 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
      2015-07-17 17:03:27 62976 ----a-w- C:\Windows\System32\tsgqec.dll
      2015-07-17 17:03:26 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
      2015-07-17 17:03:12 2087424 ----a-w- C:\Windows\System32\ole32.dll
      2015-07-17 17:03:09 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
      2015-07-17 17:02:14 188416 ----a-w- C:\Windows\System32\cryptsvc.dll
      2015-07-17 17:02:14 143872 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
      2015-07-17 17:02:13 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
      2015-07-17 17:02:07 1480192 ----a-w- C:\Windows\System32\crypt32.dll
      2015-07-17 17:02:05 229376 ----a-w- C:\Windows\System32\wintrust.dll
      2015-07-17 17:02:04 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
      2015-07-17 17:02:04 140288 ----a-w- C:\Windows\System32\cryptnet.dll
      2015-07-17 17:02:03 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
      2015-07-17 16:59:58 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
      2015-07-17 16:59:58 60416 ----a-w- C:\Windows\System32\msobjs.dll
      2015-07-17 16:58:52 3242496 ----a-w- C:\Windows\System32\msi.dll
      2015-07-17 16:58:50 1941504 ----a-w- C:\Windows\System32\authui.dll
      2015-07-17 16:58:49 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
      2015-07-17 16:58:48 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
      2015-07-17 16:58:47 128000 ----a-w- C:\Windows\System32\msiexec.exe
      2015-07-17 16:58:46 112064 ----a-w- C:\Windows\System32\consent.exe
      2015-07-17 16:58:43 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
      2015-07-17 16:58:43 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
      2015-07-17 16:58:42 504320 ----a-w- C:\Windows\System32\msihnd.dll
      2015-07-17 16:58:41 70656 ----a-w- C:\Windows\System32\appinfo.dll
      2015-07-17 16:58:41 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
      2015-07-17 16:58:41 25088 ----a-w- C:\Windows\System32\msimsg.dll
      2015-07-17 16:57:09 765440 ----a-w- C:\Windows\System32\invagent.dll
      2015-07-17 16:57:09 726528 ----a-w- C:\Windows\System32\generaltel.dll
      2015-07-17 16:57:09 433664 ----a-w- C:\Windows\System32\devinv.dll
      2015-07-17 16:57:09 1145856 ----a-w- C:\Windows\System32\aeinv.dll
      2015-07-17 16:57:09 1085440 ----a-w- C:\Windows\System32\appraiser.dll
      2015-07-17 16:57:08 67584 ----a-w- C:\Windows\System32\acmigration.dll
      2015-07-17 16:57:08 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
      2015-07-17 16:57:07 227328 ----a-w- C:\Windows\System32\aepdu.dll
      2015-07-17 16:57:01 372224 ----a-w- C:\Windows\System32\atmfd.dll
      2015-07-17 16:57:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
      2015-07-17 16:57:00 41984 ----a-w- C:\Windows\System32\lpk.dll
      2015-07-17 16:57:00 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
      2015-07-17 16:56:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
      2015-07-17 16:56:59 14336 ----a-w- C:\Windows\System32\dciman32.dll
      2015-07-17 16:56:59 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
      2015-07-17 16:56:58 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
      2015-07-17 16:56:58 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
      2015-07-17 16:56:58 100864 ----a-w- C:\Windows\System32\fontsub.dll
      2015-07-14 18:09:46 18524336 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
      2015-06-23 23:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
      .
      ==================== Find3M ====================
      .
      2015-07-19 08:53:36 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2015-07-14 18:10:14 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2015-07-14 18:10:14 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
      2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
      2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
      2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
      2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
      2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
      2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
      2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
      2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
      2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
      2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
      2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
      2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
      2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
      2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
      2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
      2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
      2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
      2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
      2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
      2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
      2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
      2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
      2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
      2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
      2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
      2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
      2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
      2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
      2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
      2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
      2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
      2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
      2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
      2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
      2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
      2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
      2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
      2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
      2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
      2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
      2015-06-23 11:30:20 300704 ------w- C:\Windows\System32\MpSigStub.exe
      2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
      2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
      2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
      2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
      2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
      2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
      2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
      2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
      2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
      2015-06-18 06:41:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2015-06-18 06:41:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2015-06-18 06:41:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
      2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
      2015-06-09 18:03:22 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
      2015-06-09 18:03:22 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
      2015-06-02 16:41:06 376184 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
      2015-06-02 16:41:06 121432 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys
      2015-06-02 00:07:15 254976 ----a-w- C:\Windows\System32\cewmdm.dll
      2015-06-01 23:47:09 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
      2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
      2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
      2015-05-25 18:19:27 362496 ----a-w- C:\Windows\System32\wow64win.dll
      2015-05-25 18:19:27 243712 ----a-w- C:\Windows\System32\wow64.dll
      2015-05-25 18:19:27 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
      2015-05-25 18:19:26 215040 ----a-w- C:\Windows\System32\winsrv.dll
      2015-05-25 18:19:13 1255424 ----a-w- C:\Windows\System32\diagtrack.dll
      2015-05-25 18:19:10 879104 ----a-w- C:\Windows\System32\tdh.dll
      2015-05-25 18:19:09 503808 ----a-w- C:\Windows\System32\srcore.dll
      2015-05-25 18:19:09 50176 ----a-w- C:\Windows\System32\srclient.dll
      2015-05-25 18:19:09 113664 ----a-w- C:\Windows\System32\sechost.dll
      2015-05-25 18:19:04 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
      2015-05-25 18:19:02 424960 ----a-w- C:\Windows\System32\KernelBase.dll
      .
      ============= FINISH: 14:26:26,38 ===============


      • #4
        GMER 2.1.19357 - http://www.gmer.net
        Rootkit scan 2015-07-19 14:41:50
        Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB
        Running: g8dk8c35.exe; Driver: C:\Users\TAB\AppData\Local\Temp\uwldipow.sys


        ---- User code sections - GMER 2.1 ----

        .text C:\Windows\system32\lsm.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 00000001001a1018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 00000001001a0018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 00000001001a2018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001001a3018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001001a4018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001001a5018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\system32\lsm.exe[800] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100511018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100510018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100512018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100515018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100516018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100517018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007749f874 5 bytes JMP 0000000100514018
        .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00000000774b8c20 5 bytes JMP 0000000100513018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 00000001005a1018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 00000001005a0018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 00000001005a2018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001005a5018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001005a6018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 00000001005a7018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100211018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100210018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100212018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100215018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100216018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000100217018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
        .text C:\Windows\system32\nvvsvc.exe[1000] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100281018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100280018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100282018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100285018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100286018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000100287018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
        .text C:\Windows\system32\svchost.exe[312] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077780058 5 bytes JMP 00000001002aead0
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075652ca4 4 bytes CALL 71ab0000
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075694296 5 bytes JMP 0000000171a50022
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075694889 5 bytes JMP 0000000171a10022
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007569d1ea 5 bytes JMP 00000001719d0022
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000756a7673 5 bytes JMP 0000000171ae0022
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes JMP 76fbb21b C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes JMP 76fbb346 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes JMP 77038f29 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes CALL 76f9489d C:\Windows\syswow64\kernel32.dll
        .text ... * 9
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes JMP 77038822 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes JMP 770389f8 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes JMP 77038718 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes JMP 77038ae2 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes JMP 76fafca8 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes JMP 76fb68ef C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes JMP 77038fe3 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes JMP 77038b42 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes JMP 770386dc C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes JMP 76fafd41 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes JMP 76fbb2dc C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes JMP 77038ea4 C:\Windows\syswow64\kernel32.dll
        .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes JMP 77038671 C:\Windows\syswow64\kernel32.dll
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100dd1018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100dd0018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100dd2018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100dd5018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100dd6018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100dd7018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
        .text C:\Windows\System32\svchost.exe[640] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100da1018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100da0018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100da2018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100da5018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100da6018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100da7018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
        .text C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 00000001001e1018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 00000001001e0018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 00000001001e2018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001001e5018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001001e6018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001001e7018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
        .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100d41018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100d40018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100d42018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100d45018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100d46018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100d47018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
        .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077790038 5 bytes JMP 000000010032100c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077790860 5 bytes JMP 000000010032000c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077790968 5 bytes JMP 000000010032200c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000076faec3f 5 bytes JMP 000000010032c00c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076fb3b62 5 bytes JMP 000000010032e00c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000077008a31 5 bytes JMP 000000010032f00c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 000000007564ce53 5 bytes JMP 000000010033200c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 000000007564dff8 5 bytes JMP 000000010033100c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007564eca6 5 bytes JMP 000000010033300c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 0000000075650f0a 5 bytes JMP 000000010032b00c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007565137f 5 bytes JMP 000000010032d00c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 0000000075653999 5 bytes JMP 000000010033500c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075653e7e 2 bytes JMP 000000010033400c
        .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 0000000075653e81 2 bytes [CE, 8A]

        • #5
          .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 000000007565924e 5 bytes JMP 000000010033000c
          .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\sechost.dll!ControlService 0000000075fd4d5c 5 bytes JMP 000000010032700c
          .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000075fd4dc3 5 bytes JMP 000000010032800c
          .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075fd567c 5 bytes JMP 000000010032a00c
          .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075fd589f 5 bytes JMP 000000010032900c
          .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 0000000075fd714b 5 bytes JMP 000000010032600c
          .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1064] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000075fd7245 5 bytes JMP 000000010032500c
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100345018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100346018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000100347018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
          .text C:\Windows\system32\svchost.exe[1136] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100bf1018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100bf0018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100bf2018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100bf5018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100bf6018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100bf7018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
          .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100671018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100670018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100672018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100675018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100676018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100677018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
          .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 00000001002b1018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 00000001002b0018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 00000001002b2018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001002b5018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001002b6018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001002b7018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100291018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100290018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100292018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100295018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100296018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000100297018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100bc1018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100bc0018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100bc2018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100bc5018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100bc6018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100bc7018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
          .text C:\Windows\system32\svchost.exe[1596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077790038 5 bytes JMP 000000010011100c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077790860 5 bytes JMP 000000010011000c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077790968 5 bytes JMP 000000010011200c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000076faec3f 5 bytes JMP 000000010011c00c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076fb3b62 5 bytes JMP 000000010011e00c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000077008a31 5 bytes JMP 000000010011f00c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 000000007564ce53 5 bytes JMP 000000010012200c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 000000007564dff8 5 bytes JMP 000000010012100c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007564eca6 5 bytes JMP 000000010012300c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 0000000075650f0a 5 bytes JMP 000000010011b00c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007565137f 5 bytes JMP 000000010011d00c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 0000000075653999 5 bytes JMP 000000010012500c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075653e7e 2 bytes JMP 000000010012400c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 0000000075653e81 2 bytes [AD, 8A]
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 000000007565924e 5 bytes JMP 000000010012000c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751b7603 5 bytes JMP 000000010011400c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000751b835c 5 bytes JMP 000000010011300c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\sechost.dll!ControlService 0000000075fd4d5c 5 bytes JMP 000000010011700c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000075fd4dc3 5 bytes JMP 000000010011800c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075fd567c 5 bytes JMP 000000010011a00c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075fd589f 5 bytes JMP 000000010011900c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 0000000075fd714b 5 bytes JMP 000000010011600c
          .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000075fd7245 5 bytes JMP 000000010011500c
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100211018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100210018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100212018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100215018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100216018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000100217018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
          .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100c51018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100c50018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100c52018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100c55018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100c56018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100c57018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
          .text C:\Windows\System32\svchost.exe[1812] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018

          • #6
            .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2300] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000075fd4dc3 5 bytes JMP 00000001003e800c
            .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2300] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075fd567c 5 bytes JMP 00000001003ea00c
            .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2300] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075fd589f 5 bytes JMP 00000001003e900c
            .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2300] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 0000000075fd714b 5 bytes JMP 00000001003e600c
            .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2300] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000075fd7245 5 bytes JMP 00000001003e500c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077790038 5 bytes JMP 000000010045100c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077790860 5 bytes JMP 000000010045000c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077790968 5 bytes JMP 000000010045200c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000076faec3f 5 bytes JMP 000000010045c00c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076fb3b62 5 bytes JMP 000000010045e00c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000077008a31 5 bytes JMP 000000010045f00c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 000000007564ce53 5 bytes JMP 000000010046200c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 000000007564dff8 5 bytes JMP 000000010046100c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007564eca6 5 bytes JMP 000000010046300c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 0000000075650f0a 5 bytes JMP 000000010045b00c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007565137f 5 bytes JMP 000000010045d00c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 0000000075653999 5 bytes JMP 000000010046500c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075653e7e 2 bytes JMP 000000010046400c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 0000000075653e81 2 bytes [E1, 8A]
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 000000007565924e 5 bytes JMP 000000010046000c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\sechost.dll!ControlService 0000000075fd4d5c 5 bytes JMP 000000010045700c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000075fd4dc3 5 bytes JMP 000000010045800c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075fd567c 5 bytes JMP 000000010045a00c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075fd589f 5 bytes JMP 000000010045900c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 0000000075fd714b 5 bytes JMP 000000010045600c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000075fd7245 5 bytes JMP 000000010045500c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751b7603 5 bytes JMP 000000010045400c
            .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000751b835c 5 bytes JMP 000000010045300c
            .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077790038 5 bytes JMP 0000000102a1100c
            .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077790860 5 bytes JMP 0000000102a1000c
            .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077790968 5 bytes JMP 0000000102a1200c
            .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3324] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000076faec3f 5 bytes JMP 0000000102a1c00c
            .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3324] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076fb3b62 5 bytes JMP 0000000102a1e00c
            .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3324] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000077008a31 5 bytes JMP 0000000102a1f00c
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100291018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100290018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100292018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100295018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100296018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000100297018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
            .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000100801018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000100800018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000100802018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100805018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100806018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 4 bytes JMP 0000000100807018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001002f5018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001002f6018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001002f7018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
            .text C:\Windows\system32\igfxext.exe[3928] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001000e5018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001000e6018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001000e7018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
            .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3520] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
            .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077790038 5 bytes JMP 000000010016100c
            .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077790860 5 bytes JMP 000000010016000c

            • #7
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077790968 5 bytes JMP 000000010016200c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000076faec3f 5 bytes JMP 000000010016c00c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076fb3b62 5 bytes JMP 000000010016e00c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000077008a31 5 bytes JMP 000000010016f00c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 000000007564ce53 5 bytes JMP 00000001001f200c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 000000007564dff8 5 bytes JMP 00000001001f100c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007564eca6 5 bytes JMP 00000001001f300c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 0000000075650f0a 5 bytes JMP 000000010016b00c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007565137f 5 bytes JMP 000000010016d00c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 0000000075653999 5 bytes JMP 00000001001f500c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075653e7e 2 bytes JMP 00000001001f400c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 0000000075653e81 2 bytes [BA, 8A]
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 000000007565924e 5 bytes JMP 00000001001f000c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751b7603 5 bytes JMP 000000010016400c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000751b835c 5 bytes JMP 000000010016300c
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes JMP 76fbb21b C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes JMP 76fbb346 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes JMP 77038f29 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes CALL 76f9489d C:\Windows\syswow64\kernel32.dll
              .text ... * 9
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes JMP 77038822 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes JMP 770389f8 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes JMP 77038718 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes JMP 77038ae2 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes JMP 76fafca8 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes JMP 76fb68ef C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes JMP 77038fe3 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes JMP 77038b42 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes JMP 770386dc C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes JMP 76fafd41 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes JMP 76fbb2dc C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes JMP 77038ea4 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\SysWOW64\RunDll32.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes JMP 77038671 C:\Windows\syswow64\kernel32.dll
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000100125018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000100126018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000100127018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
              .text C:\Windows\system32\svchost.exe[4932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001001a5018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001001a6018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001001a7018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
              .text C:\Windows\system32\svchost.exe[5084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 00000001003d1018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 00000001003d0018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 00000001003d2018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001003d5018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001003d6018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001003d7018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
              .text C:\Windows\system32\svchost.exe[4164] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 0000000105eb1018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 0000000105eb0018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 0000000105eb2018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 0000000105eb5018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 0000000105eb6018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 0000000105eb7018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
              .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775de080 5 bytes JMP 00000001001d1018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775de5d0 5 bytes JMP 00000001001d0018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00000000775de680 5 bytes JMP 00000001001d2018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000773727e0 5 bytes JMP 00000001001d5018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077381870 5 bytes JMP 00000001001d6018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 00000000773f9100 5 bytes JMP 00000001001d7018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefd4457b0 5 bytes JMP 000007ff7dc99018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefd448770 5 bytes JMP 000007ff7dc98018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefd448e80 5 bytes JMP 000007ff7dc96018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd4499f0 5 bytes JMP 000007ff7dc9c018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd44ceb0 5 bytes JMP 000007ff7dc9d018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefd4537d0 5 bytes JMP 000007ff7dc97018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefd456190 5 bytes JMP 000007ff7dc9a018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474310 5 bytes JMP 000007ff7dc9b018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefdc8642c 5 bytes JMP 000007ff7dc92018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc86484 5 bytes JMP 000007ff7dc91018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefdc86518 5 bytes JMP 000007ff7dc93018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc86c34 5 bytes JMP 000007ff7dc90018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc875e8 5 bytes JMP 000007ff7dc95018
              .text C:\Windows\system32\DllHost.exe[4092] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc8790c 5 bytes JMP 000007ff7dc94018
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077790038 5 bytes JMP 000000010002100c
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077790860 5 bytes JMP 000000010002000c
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077790968 5 bytes JMP 000000010002200c
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes JMP 76fbb21b C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes JMP 76fbb346 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes JMP 77038f29 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes CALL 76f9489d C:\Windows\syswow64\kernel32.dll
              .text ... * 9
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes JMP 77038822 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes JMP 770389f8 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes JMP 77038718 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes JMP 77038ae2 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes JMP 76fafca8 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes JMP 76fb68ef C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes JMP 77038fe3 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes JMP 77038b42 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes JMP 770386dc C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes JMP 76fafd41 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes JMP 76fbb2dc C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes JMP 77038ea4 C:\Windows\syswow64\kernel32.dll
              .text C:\Users\TAB\Desktop\g8dk8c35.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes JMP 77038671 C:\Windows\syswow64\kernel32.dll

              ---- Threads - GMER 2.1 ----

              Thread C:\Windows\system32\svchost.exe [1136:1328] 000007fefab38274
              Thread C:\Windows\system32\svchost.exe [1136:1188] 000007fefab38274
              Thread C:\Windows\System32\spoolsv.exe [1548:1936] 000007fef83410c8
              Thread C:\Windows\System32\spoolsv.exe [1548:1964] 000007fef8306144
              Thread C:\Windows\System32\spoolsv.exe [1548:1956] 000007fef80f5fd0
              Thread C:\Windows\System32\spoolsv.exe [1548:1972] 000007fef80e3438
              Thread C:\Windows\System32\spoolsv.exe [1548:1988] 000007fef80f63ec
              Thread C:\Windows\System32\spoolsv.exe [1548:2028] 000007fef8885e5c
              Thread C:\Windows\System32\spoolsv.exe [1548:1992] 000007fef89e5074
              Thread C:\Windows\System32\svchost.exe [1812:1212] 000007fef8d63410
              Thread C:\Windows\System32\svchost.exe [1812:1960] 000007fef8d42e30
              Thread C:\Windows\System32\svchost.exe [1812:2052] 000007fef8d15050
              Thread C:\Windows\System32\svchost.exe [1812:2056] 000007fef8d3ed70
              Thread C:\Windows\System32\svchost.exe [1812:2060] 000007fef8d15040
              Thread C:\Windows\System32\svchost.exe [1812:2064] 000007fef8db4290
              Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4460:5672] 000007fefbb42bf8

              ---- Registry - GMER 2.1 ----

              Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb115d31b
              Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1d33403
              Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f8f794c
              Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb115d31b (not active ControlSet)
              Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1d33403 (not active ControlSet)
              Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f8f794c (not active ControlSet)

              ---- Disk sectors - GMER 2.1 ----

              Disk \Device\Harddisk0\DR0 unknown MBR code

              ---- EOF - GMER 2.1 ----



              • #8
                Look here if you don't know how to disable your antivirus, firewall and/or anti-spyware scanner.

                Download TDSSKiller and place it on your desktop.

                • Extract the files in tdsskiller.zip.
                • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
                • If TDSSKiller reports that an update is available, run it first (Load update).
                • Click the "Start Scan" button and follow the instructions.
                • Quarantine the items it finds.

                If a reboot is requested, click Reboot Now.
                Otherwise click Report.
                Copy and paste the log file that appears.

                Note: If a reboot was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


                • #9
                  01:35:14.0056 0x22cc TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
                  01:35:24.0576 0x22cc ============================================================
                  01:35:24.0576 0x22cc Current date / time: 2015/07/20 01:35:24.0576
                  01:35:24.0576 0x22cc SystemInfo:
                  01:35:24.0576 0x22cc
                  01:35:24.0576 0x22cc OS Version: 6.1.7601 ServicePack: 1.0
                  01:35:24.0576 0x22cc Product type: Workstation
                  01:35:24.0576 0x22cc ComputerName: TAB-PC
                  01:35:24.0576 0x22cc UserName: TAB
                  01:35:24.0576 0x22cc Windows directory: C:\Windows
                  01:35:24.0576 0x22cc System windows directory: C:\Windows
                  01:35:24.0576 0x22cc Running under WOW64
                  01:35:24.0576 0x22cc Processor architecture: Intel x64
                  01:35:24.0576 0x22cc Number of processors: 4
                  01:35:24.0576 0x22cc Page size: 0x1000
                  01:35:24.0576 0x22cc Boot type: Normal boot
                  01:35:24.0576 0x22cc ============================================================
                  01:35:24.0726 0x22cc KLMD registered as C:\Windows\system32\drivers\54311256.sys
                  01:35:24.0986 0x22cc System UUID: {E8E794D1-CDEB-0C2C-8121-494EE2348CE8}
                  01:35:25.0426 0x22cc Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
                  01:35:25.0516 0x22cc ============================================================
                  01:35:25.0516 0x22cc \Device\Harddisk0\DR0:
                  01:35:25.0516 0x22cc MBR partitions:
                  01:35:25.0516 0x22cc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
                  01:35:25.0516 0x22cc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x8C00000
                  01:35:25.0536 0x22cc \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x8C33000, BlocksNum 0x39E56000
                  01:35:25.0536 0x22cc ============================================================
                  01:35:25.0566 0x22cc C: <-> \Device\Harddisk0\DR0\Partition2
                  01:35:25.0616 0x22cc D: <-> \Device\Harddisk0\DR0\Partition3
                  01:35:25.0616 0x22cc ============================================================
                  01:35:25.0616 0x22cc Initialize success
                  01:35:25.0616 0x22cc ============================================================
                  01:35:37.0056 0x256c ============================================================
                  01:35:37.0056 0x256c Scan started
                  01:35:37.0056 0x256c Mode: Manual;
                  01:35:37.0056 0x256c ============================================================
                  01:35:37.0056 0x256c KSN ping started
                  01:35:39.0576 0x256c KSN ping finished: true
                  01:35:40.0296 0x256c ================ Scan system memory ========================
                  01:35:40.0296 0x256c System memory - ok
                  01:35:40.0296 0x256c ================ Scan services =============================
                  01:35:40.0516 0x256c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
                  01:35:40.0536 0x256c 1394ohci - ok
                  01:35:40.0626 0x256c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
                  01:35:40.0636 0x256c ACPI - ok
                  01:35:40.0666 0x256c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
                  01:35:40.0666 0x256c AcpiPmi - ok
                  01:35:40.0796 0x256c [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  01:35:40.0806 0x256c AdobeARMservice - ok
                  01:35:40.0946 0x256c [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                  01:35:40.0966 0x256c AdobeFlashPlayerUpdateSvc - ok
                  01:35:41.0016 0x256c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
                  01:35:41.0036 0x256c adp94xx - ok
                  01:35:41.0086 0x256c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
                  01:35:41.0106 0x256c adpahci - ok
                  01:35:41.0126 0x256c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
                  01:35:41.0126 0x256c adpu320 - ok
                  01:35:41.0166 0x256c [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
                  01:35:41.0176 0x256c AeLookupSvc - ok
                  01:35:41.0256 0x256c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
                  01:35:41.0276 0x256c AFD - ok
                  01:35:41.0316 0x256c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
                  01:35:41.0326 0x256c agp440 - ok
                  01:35:41.0356 0x256c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
                  01:35:41.0366 0x256c ALG - ok
                  01:35:41.0406 0x256c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
                  01:35:41.0406 0x256c aliide - ok
                  01:35:41.0436 0x256c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
                  01:35:41.0436 0x256c amdide - ok
                  01:35:41.0476 0x256c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
                  01:35:41.0476 0x256c AmdK8 - ok
                  01:35:41.0486 0x256c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
                  01:35:41.0496 0x256c AmdPPM - ok
                  01:35:41.0536 0x256c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
                  01:35:41.0536 0x256c amdsata - ok
                  01:35:41.0566 0x256c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
                  01:35:41.0566 0x256c amdsbs - ok
                  01:35:41.0596 0x256c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
                  01:35:41.0596 0x256c amdxata - ok
                  01:35:41.0646 0x256c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
                  01:35:41.0646 0x256c AppID - ok
                  01:35:41.0686 0x256c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
                  01:35:41.0686 0x256c AppIDSvc - ok
                  01:35:41.0726 0x256c [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
                  01:35:41.0736 0x256c Appinfo - ok
                  01:35:41.0806 0x256c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
                  01:35:41.0816 0x256c arc - ok
                  01:35:41.0836 0x256c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
                  01:35:41.0846 0x256c arcsas - ok
                  01:35:41.0996 0x256c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
                  01:35:41.0996 0x256c aspnet_state - ok
                  01:35:42.0026 0x256c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
                  01:35:42.0036 0x256c AsyncMac - ok
                  01:35:42.0086 0x256c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
                  01:35:42.0096 0x256c atapi - ok
                  01:35:42.0186 0x256c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
                  01:35:42.0216 0x256c AudioEndpointBuilder - ok
                  01:35:42.0236 0x256c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
                  01:35:42.0256 0x256c AudioSrv - ok
                  01:35:42.0306 0x256c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
                  01:35:42.0306 0x256c AxInstSV - ok
                  01:35:42.0346 0x256c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
                  01:35:42.0356 0x256c b06bdrv - ok
                  01:35:42.0396 0x256c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
                  01:35:42.0406 0x256c b57nd60a - ok
                  01:35:42.0556 0x256c [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
                  01:35:42.0576 0x256c BBSvc - ok
                  01:35:42.0806 0x256c [ 43AD3D3E7674833FCA9A7C4E7180AD54, 81CBF3146853FCCA26C14D23160892BD892269C5BB8B2167837339372BD38DA2 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
                  01:35:42.0956 0x256c BCM43XX - ok
                  01:35:42.0996 0x256c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
                  01:35:42.0996 0x256c BDESVC - ok
                  01:35:43.0036 0x256c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
                  01:35:43.0036 0x256c Beep - ok
                  01:35:43.0136 0x256c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
                  01:35:43.0156 0x256c BFE - ok
                  01:35:43.0226 0x256c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
                  01:35:43.0256 0x256c BITS - ok
                  01:35:43.0276 0x256c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
                  01:35:43.0276 0x256c blbdrive - ok
                  01:35:43.0336 0x256c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
                  01:35:43.0346 0x256c bowser - ok
                  01:35:43.0376 0x256c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
                  01:35:43.0376 0x256c BrFiltLo - ok
                  01:35:43.0456 0x256c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
                  01:35:43.0456 0x256c BrFiltUp - ok
                  01:35:43.0506 0x256c [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
                  01:35:43.0516 0x256c BridgeMP - ok
                  01:35:43.0546 0x256c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
                  01:35:43.0556 0x256c Browser - ok
                  01:35:43.0586 0x256c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
                  01:35:43.0596 0x256c Brserid - ok
                  01:35:43.0606 0x256c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
                  01:35:43.0606 0x256c BrSerWdm - ok
                  01:35:43.0636 0x256c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
                  01:35:43.0636 0x256c BrUsbMdm - ok
                  01:35:43.0646 0x256c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
                  01:35:43.0646 0x256c BrUsbSer - ok
                  01:35:43.0686 0x256c [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
                  01:35:43.0686 0x256c BthEnum - ok
                  01:35:43.0716 0x256c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
                  01:35:43.0716 0x256c BTHMODEM - ok
                  01:35:43.0756 0x256c [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
                  01:35:43.0766 0x256c BthPan - ok
                  01:35:43.0826 0x256c [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
                  01:35:43.0846 0x256c BTHPORT - ok
                  01:35:43.0876 0x256c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
                  01:35:43.0886 0x256c bthserv - ok
                  01:35:43.0906 0x256c [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
                  01:35:43.0906 0x256c BTHUSB - ok



                  • #10
                    01:35:53.0276 0x256c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
                    01:35:53.0286 0x256c msdsm - ok
                    01:35:53.0306 0x256c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
                    01:35:53.0306 0x256c MSDTC - ok
                    01:35:53.0346 0x256c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
                    01:35:53.0346 0x256c Msfs - ok
                    01:35:53.0366 0x256c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
                    01:35:53.0376 0x256c mshidkmdf - ok
                    01:35:53.0406 0x256c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
                    01:35:53.0406 0x256c msisadrv - ok
                    01:35:53.0436 0x256c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
                    01:35:53.0446 0x256c MSiSCSI - ok
                    01:35:53.0456 0x256c msiserver - ok
                    01:35:53.0486 0x256c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
                    01:35:53.0496 0x256c MSKSSRV - ok
                    01:35:53.0506 0x256c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
                    01:35:53.0506 0x256c MSPCLOCK - ok
                    01:35:53.0526 0x256c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
                    01:35:53.0526 0x256c MSPQM - ok
                    01:35:53.0586 0x256c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
                    01:35:53.0596 0x256c MsRPC - ok
                    01:35:53.0626 0x256c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
                    01:35:53.0626 0x256c mssmbios - ok
                    01:35:53.0636 0x256c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
                    01:35:53.0636 0x256c MSTEE - ok
                    01:35:53.0656 0x256c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
                    01:35:53.0656 0x256c MTConfig - ok
                    01:35:53.0676 0x256c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
                    01:35:53.0676 0x256c Mup - ok
                    01:35:53.0716 0x256c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
                    01:35:53.0736 0x256c napagent - ok
                    01:35:53.0786 0x256c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
                    01:35:53.0806 0x256c NativeWifiP - ok
                    01:35:53.0936 0x256c [ 0D01287D85B3715FA8270E8EC919B7F7, E9833237934C6B86622D91A15636DDE2C26A92D1854C244A99FBCF5AAAA5E435 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
                    01:35:53.0966 0x256c NBService - ok
                    01:35:54.0046 0x256c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
                    01:35:54.0076 0x256c NDIS - ok
                    01:35:54.0106 0x256c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
                    01:35:54.0106 0x256c NdisCap - ok
                    01:35:54.0146 0x256c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
                    01:35:54.0146 0x256c NdisTapi - ok
                    01:35:54.0186 0x256c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
                    01:35:54.0186 0x256c Ndisuio - ok
                    01:35:54.0236 0x256c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
                    01:35:54.0236 0x256c NdisWan - ok
                    01:35:54.0276 0x256c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
                    01:35:54.0276 0x256c NDProxy - ok
                    01:35:54.0296 0x256c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
                    01:35:54.0296 0x256c NetBIOS - ok
                    01:35:54.0326 0x256c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
                    01:35:54.0336 0x256c NetBT - ok
                    01:35:54.0356 0x256c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon C:\Windows\system32\lsass.exe
                    01:35:54.0356 0x256c Netlogon - ok
                    01:35:54.0386 0x256c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
                    01:35:54.0396 0x256c Netman - ok
                    01:35:54.0456 0x256c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
                    01:35:54.0466 0x256c NetMsmqActivator - ok
                    01:35:54.0486 0x256c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
                    01:35:54.0496 0x256c NetPipeActivator - ok
                    01:35:54.0536 0x256c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
                    01:35:54.0556 0x256c netprofm - ok
                    01:35:54.0586 0x256c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
                    01:35:54.0586 0x256c NetTcpActivator - ok
                    01:35:54.0596 0x256c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
                    01:35:54.0596 0x256c NetTcpPortSharing - ok
                    01:35:54.0626 0x256c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
                    01:35:54.0626 0x256c nfrd960 - ok
                    01:35:54.0666 0x256c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
                    01:35:54.0676 0x256c NlaSvc - ok
                    01:35:54.0786 0x256c [ C4EBBBD7165BE535F0BFD06B80601D91, BA8C8A42081E3F87690CC8312B106A9297F3D25F29E3C3F84F460B98FC18C201 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
                    01:35:54.0796 0x256c NMIndexingService - ok
                    01:35:54.0826 0x256c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
                    01:35:54.0826 0x256c Npfs - ok
                    01:35:54.0836 0x256c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
                    01:35:54.0836 0x256c nsi - ok
                    01:35:54.0856 0x256c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
                    01:35:54.0856 0x256c nsiproxy - ok
                    01:35:54.0976 0x256c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
                    01:35:55.0016 0x256c Ntfs - ok
                    01:35:55.0036 0x256c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
                    01:35:55.0036 0x256c Null - ok
                    01:35:55.0476 0x256c [ 5104BAC2DA2A5BDD86AC6B0708B00F06, A02501514F8517CB5A6CFE4352A3D0F864153470015589428A6B14477E791514 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
                    01:35:55.0876 0x256c nvlddmkm - ok
                    01:35:55.0926 0x256c [ 918841B2454F4F2BD94479692079490B, 16667315DE4EB5543E176273362791B157223E775ED1CF285330CC8195E0F1BB ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
                    01:35:55.0926 0x256c nvpciflt - ok
                    01:35:55.0976 0x256c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
                    01:35:55.0986 0x256c nvraid - ok
                    01:35:56.0016 0x256c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
                    01:35:56.0026 0x256c nvstor - ok
                    01:35:56.0126 0x256c [ DDFAFCE89A5C93D04712B86F94E9FCBA, 377303D4CAC9E3AD5B58894CF7AECDA4FCD3D721568BE8BACC0A897A0956919A ] NVSvc C:\Windows\system32\nvvsvc.exe
                    01:35:56.0146 0x256c NVSvc - ok
                    01:35:56.0256 0x256c [ 84E035225474E48CD3A6A3CE52332095, C90E1BC112EDED3035F2D440DDA6FC838D5D9B5F0D7CBE5E4672FEB1CC49F449 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                    01:35:56.0286 0x256c nvUpdatusService - ok
                    01:35:56.0326 0x256c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
                    01:35:56.0326 0x256c nv_agp - ok
                    01:35:56.0356 0x256c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
                    01:35:56.0356 0x256c ohci1394 - ok
                    01:35:56.0446 0x256c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                    01:35:56.0456 0x256c ose - ok
                    01:35:56.0696 0x256c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                    01:35:56.0846 0x256c osppsvc - ok
                    01:35:56.0896 0x256c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
                    01:35:56.0906 0x256c p2pimsvc - ok
                    01:35:56.0926 0x256c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
                    01:35:56.0936 0x256c p2psvc - ok
                    01:35:56.0986 0x256c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
                    01:35:56.0986 0x256c Parport - ok
                    01:35:57.0036 0x256c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
                    01:35:57.0036 0x256c partmgr - ok
                    01:35:57.0086 0x256c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
                    01:35:57.0086 0x256c PcaSvc - ok
                    01:35:57.0146 0x256c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
                    01:35:57.0166 0x256c pci - ok
                    01:35:57.0186 0x256c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
                    01:35:57.0196 0x256c pciide - ok
                    01:35:57.0216 0x256c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
                    01:35:57.0226 0x256c pcmcia - ok
                    01:35:57.0236 0x256c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
                    01:35:57.0246 0x256c pcw - ok
                    01:35:57.0306 0x256c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
                    01:35:57.0326 0x256c PEAUTH - ok
                    01:35:57.0396 0x256c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
                    01:35:57.0396 0x256c PerfHost - ok
                    01:35:57.0476 0x256c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
                    01:35:57.0506 0x256c pla - ok
                    01:35:57.0556 0x256c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
                    01:35:57.0566 0x256c PlugPlay - ok
                    01:35:57.0586 0x256c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
                    01:35:57.0586 0x256c PNRPAutoReg - ok
                    01:35:57.0606 0x256c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
                    01:35:57.0616 0x256c PNRPsvc - ok
                    01:35:57.0666 0x256c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
                    01:35:57.0676 0x256c PolicyAgent - ok
                    01:35:57.0706 0x256c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
                    01:35:57.0706 0x256c Power - ok
                    01:35:57.0756 0x256c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
                    01:35:57.0756 0x256c PptpMiniport - ok
                    01:35:57.0776 0x256c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
                    01:35:57.0786 0x256c Processor - ok
                    01:35:57.0826 0x256c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
                    01:35:57.0836 0x256c ProfSvc - ok
                    01:35:57.0846 0x256c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe
                    01:35:57.0846 0x256c ProtectedStorage - ok
                    01:35:57.0896 0x256c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
                    01:35:57.0896 0x256c Psched - ok
                    01:35:57.0966 0x256c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
                    01:35:57.0996 0x256c ql2300 - ok
                    01:35:58.0026 0x256c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
                    01:35:58.0026 0x256c ql40xx - ok
                    01:35:58.0056 0x256c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
                    01:35:58.0066 0x256c QWAVE - ok
                    01:35:58.0086 0x256c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
                    01:35:58.0086 0x256c QWAVEdrv - ok
                    01:35:58.0266 0x256c [ E2FDAE0EBA17678687135A0BB2CB94BF, FDA5193753583B8A7F24ED768A691E9BDD517CA2E77145B4947AC12E10D25A7E ] RapportCerberus_1412112 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys
                    01:35:58.0286 0x256c RapportCerberus_1412112 - ok
                    01:35:58.0386 0x256c [ 29EF14214CED4A57F9C28432047AC2DF, 0AC33514261D4B4047C903DD90766200C50157EA2C7ADC8A577E3FBA65265C05 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
                    01:35:58.0406 0x256c RapportEI64 - ok
                    01:35:58.0456 0x256c [ C71ABC336AEEF88406755F8C80F7565E, D18E36D026EC1F3339BC5290F0B9F1F50EBAFC4F26CFB075FB6488FF7D042937 ] RapportHades64 C:\Windows\system32\Drivers\RapportHades64.sys
                    01:35:58.0466 0x256c RapportHades64 - ok
                    01:35:58.0496 0x256c [ DBA641B7AF0E89AC56B314CD8C002540, FA757C74C0141242DC60939052E87ED24E26E7BED3C4FDD3453CA72127C73232 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
                    01:35:58.0506 0x256c RapportKE64 - ok
                    01:35:58.0586 0x256c [ C6B6270CD764CD00A2E6BF04FA9F63CF, 72C5E0FDB9A810F52153E025FDC916D8F1368C07E2F18A87640AEBD6CAD7B003 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
                    01:35:58.0616 0x256c RapportMgmtService - ok
                    01:35:58.0696 0x256c [ 277212D212F134AFD250A82D524C79BB, DD8D1A7E07C37DC9090B5F82C55157242909946ED627FB680D479FECA9BEA1A9 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
                    01:35:58.0706 0x256c RapportPG64 - ok
                    01:35:58.0726 0x256c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
                    01:35:58.0726 0x256c RasAcd - ok
                    01:35:58.0766 0x256c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
                    01:35:58.0766 0x256c RasAgileVpn - ok
                    01:35:58.0796 0x256c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
                    01:35:58.0796 0x256c RasAuto - ok
                    01:35:58.0836 0x256c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
                    01:35:58.0846 0x256c Rasl2tp - ok
                    01:35:58.0886 0x256c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
                    01:35:58.0896 0x256c RasMan - ok
                    01:35:58.0926 0x256c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
                    01:35:58.0926 0x256c RasPppoe - ok
                    01:35:58.0936 0x256c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
                    01:35:58.0936 0x256c RasSstp - ok
                    01:35:58.0986 0x256c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
                    01:35:58.0986 0x256c rdbss - ok
                    01:35:59.0006 0x256c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
                    01:35:59.0006 0x256c rdpbus - ok
                    01:35:59.0036 0x256c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
                    01:35:59.0036 0x256c RDPCDD - ok
                    01:35:59.0066 0x256c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
                    01:35:59.0066 0x256c RDPENCDD - ok
                    01:35:59.0076 0x256c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
                    01:35:59.0076 0x256c RDPREFMP - ok
                    01:35:59.0206 0x256c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
                    01:35:59.0206 0x256c RdpVideoMiniport - ok
                    01:35:59.0256 0x256c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
                    01:35:59.0266 0x256c RDPWD - ok
                    01:35:59.0326 0x256c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
                    01:35:59.0336 0x256c rdyboost - ok
                    01:35:59.0366 0x256c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
                    01:35:59.0376 0x256c RemoteAccess - ok
                    01:35:59.0416 0x256c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
                    01:35:59.0426 0x256c RemoteRegistry - ok
                    01:35:59.0476 0x256c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
                    01:35:59.0476 0x256c RFCOMM - ok
                    01:35:59.0576 0x256c [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
                    01:35:59.0586 0x256c RichVideo - ok
                    01:35:59.0606 0x256c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
                    01:35:59.0606 0x256c RpcEptMapper - ok
                    01:35:59.0636 0x256c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
                    01:35:59.0636 0x256c RpcLocator - ok
                    01:35:59.0686 0x256c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
                    01:35:59.0696 0x256c RpcSs - ok
                    01:35:59.0746 0x256c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
                    01:35:59.0746 0x256c rspndr - ok
                    01:35:59.0786 0x256c [ 712944C0A377E9B8743F95BD83E882D4, B437396B8D80EC8F121C93F18DE6F83D2DF7FC87D15D3DF8639D47EC28E0D1D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
                    01:35:59.0796 0x256c RTL8167 - ok
                    01:35:59.0826 0x256c [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI C:\Windows\system32\Drivers\SABI.sys
                    01:35:59.0826 0x256c SABI - ok
                    01:35:59.0846 0x256c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs C:\Windows\system32\lsass.exe
                    01:35:59.0846 0x256c SamSs - ok
                    01:35:59.0886 0x256c [ D641337B75B9A9D5AE10687AA1097755, 1495654D9090FDE04EF8605D1C8A4B0ACA1A50A4E0A992DE2F049CB8413E860C ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
                    01:35:59.0896 0x256c Samsung UPD Service - ok
                    01:35:59.0926 0x256c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
                    01:35:59.0936 0x256c sbp2port - ok
                    01:35:59.0966 0x256c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
                    01:35:59.0976 0x256c SCardSvr - ok



                    • #11
                      01:36:00.0756 0x256c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
                      01:36:00.0766 0x256c ShellHWDetection - ok
                      01:36:00.0796 0x256c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
                      01:36:00.0796 0x256c SiSRaid2 - ok
                      01:36:00.0826 0x256c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
                      01:36:00.0826 0x256c SiSRaid4 - ok
                      01:36:01.0016 0x256c [ 388AE59FE75F1B959DFA0900923C61BB, 0D47F8B4B4FBE5BF041DBE75B0A14D905E9310FFA6F0160746455B38A349EA54 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
                      01:36:01.0086 0x256c Skype C2C Service - ok
                      01:36:01.0186 0x256c [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
                      01:36:01.0196 0x256c SkypeUpdate - ok
                      01:36:01.0216 0x256c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
                      01:36:01.0226 0x256c Smb - ok
                      01:36:01.0276 0x256c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
                      01:36:01.0276 0x256c SNMPTRAP - ok
                      01:36:01.0306 0x256c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
                      01:36:01.0306 0x256c spldr - ok
                      01:36:01.0356 0x256c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
                      01:36:01.0366 0x256c Spooler - ok
                      01:36:01.0546 0x256c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
                      01:36:01.0606 0x256c sppsvc - ok
                      01:36:01.0646 0x256c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
                      01:36:01.0646 0x256c sppuinotify - ok
                      01:36:01.0706 0x256c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
                      01:36:01.0716 0x256c srv - ok
                      01:36:01.0736 0x256c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
                      01:36:01.0746 0x256c srv2 - ok
                      01:36:01.0766 0x256c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
                      01:36:01.0766 0x256c srvnet - ok
                      01:36:01.0786 0x256c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
                      01:36:01.0786 0x256c SSDPSRV - ok
                      01:36:01.0806 0x256c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
                      01:36:01.0816 0x256c SstpSvc - ok
                      01:36:01.0836 0x256c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
                      01:36:01.0836 0x256c stexstor - ok
                      01:36:01.0876 0x256c [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
                      01:36:01.0876 0x256c StillCam - ok
                      01:36:01.0956 0x256c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
                      01:36:01.0976 0x256c stisvc - ok
                      01:36:02.0016 0x256c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
                      01:36:02.0016 0x256c swenum - ok
                      01:36:02.0086 0x256c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
                      01:36:02.0106 0x256c swprv - ok
                      01:36:02.0176 0x256c [ F5B46DF59FEAA48A442AED7EEB754D4B, 8415FDD5E7B4D4819BB9B0937CDF254548C871045787958BCF708096204B1714 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
                      01:36:02.0206 0x256c SynTP - ok
                      01:36:02.0326 0x256c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
                      01:36:02.0366 0x256c SysMain - ok
                      01:36:02.0406 0x256c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
                      01:36:02.0416 0x256c TabletInputService - ok
                      01:36:02.0436 0x256c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
                      01:36:02.0446 0x256c TapiSrv - ok
                      01:36:02.0466 0x256c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
                      01:36:02.0466 0x256c TBS - ok
                      01:36:02.0606 0x256c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
                      01:36:02.0646 0x256c Tcpip - ok
                      01:36:02.0706 0x256c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
                      01:36:02.0746 0x256c TCPIP6 - ok
                      01:36:02.0776 0x256c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
                      01:36:02.0786 0x256c tcpipreg - ok
                      01:36:02.0806 0x256c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
                      01:36:02.0806 0x256c TDPIPE - ok
                      01:36:02.0846 0x256c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
                      01:36:02.0846 0x256c TDTCP - ok
                      01:36:02.0876 0x256c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
                      01:36:02.0876 0x256c tdx - ok
                      01:36:02.0926 0x256c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
                      01:36:02.0926 0x256c TermDD - ok
                      01:36:02.0996 0x256c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
                      01:36:03.0026 0x256c TermService - ok
                      01:36:03.0046 0x256c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
                      01:36:03.0056 0x256c Themes - ok
                      01:36:03.0076 0x256c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
                      01:36:03.0076 0x256c THREADORDER - ok
                      01:36:03.0086 0x256c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
                      01:36:03.0096 0x256c TrkWks - ok
                      01:36:03.0166 0x256c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
                      01:36:03.0176 0x256c TrustedInstaller - ok
                      01:36:03.0236 0x256c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
                      01:36:03.0236 0x256c tssecsrv - ok
                      01:36:03.0306 0x256c [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
                      01:36:03.0306 0x256c TsUsbFlt - ok
                      01:36:03.0366 0x256c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
                      01:36:03.0376 0x256c tunnel - ok
                      01:36:03.0436 0x256c [ 48743B69EA47C020A792D8649F753F44, 58BFF60271F62F5CB02A1181F44E94C230DF4A6EC5C072A476B2BED13239A70C ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
                      01:36:03.0446 0x256c TurboB - ok
                      01:36:03.0556 0x256c [ 759F59E3EA3802FF23F93DCDB6FE9171, DB5A6C1EDA10380C14A8C318D6C65ED691C36F726A6A20DB3038D8F55F1B76D8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
                      01:36:03.0566 0x256c TurboBoost - ok
                      01:36:03.0596 0x256c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
                      01:36:03.0606 0x256c uagp35 - ok
                      01:36:03.0646 0x256c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
                      01:36:03.0666 0x256c udfs - ok
                      01:36:03.0696 0x256c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
                      01:36:03.0706 0x256c UI0Detect - ok
                      01:36:03.0746 0x256c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
                      01:36:03.0746 0x256c uliagpkx - ok
                      01:36:03.0796 0x256c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
                      01:36:03.0806 0x256c umbus - ok
                      01:36:03.0826 0x256c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
                      01:36:03.0826 0x256c UmPass - ok
                      01:36:03.0906 0x256c [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
                      01:36:03.0916 0x256c UMVPFSrv - ok
                      01:36:04.0096 0x256c [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                      01:36:04.0146 0x256c UNS - ok
                      01:36:04.0186 0x256c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
                      01:36:04.0196 0x256c upnphost - ok
                      01:36:04.0236 0x256c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
                      01:36:04.0236 0x256c usbaudio - ok
                      01:36:04.0286 0x256c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
                      01:36:04.0296 0x256c usbccgp - ok
                      01:36:04.0346 0x256c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
                      01:36:04.0346 0x256c usbcir - ok
                      01:36:04.0376 0x256c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
                      01:36:04.0376 0x256c usbehci - ok
                      01:36:04.0426 0x256c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
                      01:36:04.0436 0x256c usbhub - ok
                      01:36:04.0456 0x256c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
                      01:36:04.0466 0x256c usbohci - ok
                      01:36:04.0486 0x256c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
                      01:36:04.0496 0x256c usbprint - ok
                      01:36:04.0526 0x256c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
                      01:36:04.0536 0x256c USBSTOR - ok
                      01:36:04.0546 0x256c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
                      01:36:04.0556 0x256c usbuhci - ok
                      01:36:04.0616 0x256c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
                      01:36:04.0626 0x256c usbvideo - ok
                      01:36:04.0656 0x256c [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
                      01:36:04.0666 0x256c usb_rndisx - ok
                      01:36:04.0696 0x256c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
                      01:36:04.0706 0x256c UxSms - ok
                      01:36:04.0726 0x256c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc C:\Windows\system32\lsass.exe
                      01:36:04.0726 0x256c VaultSvc - ok
                      01:36:04.0766 0x256c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
                      01:36:04.0766 0x256c vdrvroot - ok
                      01:36:04.0816 0x256c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
                      01:36:04.0826 0x256c vds - ok
                      01:36:04.0856 0x256c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
                      01:36:04.0856 0x256c vga - ok
                      01:36:04.0876 0x256c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
                      01:36:04.0876 0x256c VgaSave - ok
                      01:36:04.0916 0x256c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
                      01:36:04.0916 0x256c vhdmp - ok
                      01:36:04.0956 0x256c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
                      01:36:04.0956 0x256c viaide - ok
                      01:36:04.0976 0x256c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
                      01:36:04.0986 0x256c volmgr - ok
                      01:36:05.0046 0x256c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
                      01:36:05.0066 0x256c volmgrx - ok
                      01:36:05.0086 0x256c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
                      01:36:05.0096 0x256c volsnap - ok
                      01:36:05.0136 0x256c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
                      01:36:05.0136 0x256c vsmraid - ok
                      01:36:05.0216 0x256c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
                      01:36:05.0246 0x256c VSS - ok
                      01:36:05.0276 0x256c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
                      01:36:05.0276 0x256c vwifibus - ok
                      01:36:05.0316 0x256c [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
                      01:36:05.0316 0x256c vwififlt - ok
                      01:36:05.0376 0x256c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
                      01:36:05.0396 0x256c W32Time - ok
                      01:36:05.0426 0x256c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
                      01:36:05.0426 0x256c WacomPen - ok
                      01:36:05.0486 0x256c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
                      01:36:05.0486 0x256c WANARP - ok
                      01:36:05.0486 0x256c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
                      01:36:05.0496 0x256c Wanarpv6 - ok
                      01:36:05.0606 0x256c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
                      01:36:05.0636 0x256c WatAdminSvc - ok
                      01:36:05.0746 0x256c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
                      01:36:05.0786 0x256c wbengine - ok
                      01:36:05.0836 0x256c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
                      01:36:05.0836 0x256c WbioSrvc - ok
                      01:36:05.0896 0x256c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
                      01:36:05.0906 0x256c wcncsvc - ok
                      01:36:05.0916 0x256c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
                      01:36:05.0916 0x256c WcsPlugInService - ok
                      01:36:05.0946 0x256c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
                      01:36:05.0946 0x256c Wd - ok
                      01:36:06.0006 0x256c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
                      01:36:06.0016 0x256c Wdf01000 - ok
                      01:36:06.0056 0x256c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
                      01:36:06.0056 0x256c WdiServiceHost - ok
                      01:36:06.0066 0x256c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
                      01:36:06.0066 0x256c WdiSystemHost - ok
                      01:36:06.0116 0x256c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
                      01:36:06.0136 0x256c WebClient - ok
                      01:36:06.0156 0x256c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
                      01:36:06.0166 0x256c Wecsvc - ok
                      01:36:06.0186 0x256c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
                      01:36:06.0186 0x256c wercplsupport - ok
                      01:36:06.0216 0x256c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
                      01:36:06.0226 0x256c WerSvc - ok
                      01:36:06.0266 0x256c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
                      01:36:06.0266 0x256c WfpLwf - ok
                      01:36:06.0286 0x256c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
                      01:36:06.0296 0x256c WIMMount - ok
                      01:36:06.0326 0x256c WinDefend - ok
                      01:36:06.0336 0x256c WinHttpAutoProxySvc - ok
                      01:36:06.0396 0x256c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
                      01:36:06.0406 0x256c Winmgmt - ok
                      01:36:06.0476 0x256c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
                      01:36:06.0526 0x256c WinRM - ok
                      01:36:06.0586 0x256c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
                      01:36:06.0586 0x256c WinUsb - ok
                      01:36:06.0656 0x256c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
                      01:36:06.0686 0x256c Wlansvc - ok
                      01:36:06.0876 0x256c [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                      01:36:06.0916 0x256c wlidsvc - ok
                      01:36:06.0946 0x256c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
                      01:36:06.0956 0x256c WmiAcpi - ok
                      01:36:06.0996 0x256c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
                      01:36:06.0996 0x256c wmiApSrv - ok
                      01:36:07.0046 0x256c WMPNetworkSvc - ok
                      01:36:07.0066 0x256c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
                      01:36:07.0066 0x256c WPCSvc - ok
                      01:36:07.0116 0x256c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
                      01:36:07.0116 0x256c WPDBusEnum - ok
                      01:36:07.0146 0x256c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
                      01:36:07.0146 0x256c ws2ifsl - ok
                      01:36:07.0166 0x256c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
                      01:36:07.0176 0x256c wscsvc - ok
                      01:36:07.0176 0x256c WSearch - ok
                      01:36:07.0306 0x256c [ AA3E844A2595B1AA5825C70CA50D963E, F9C7D64D9563CA5167EC9B0D957473B55C02E9456E041AE2CDA6ABFA9641D176 ] wuauserv C:\Windows\system32\wuaueng.dll
                      01:36:07.0366 0x256c wuauserv - ok
                      01:36:07.0406 0x256c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
                      01:36:07.0406 0x256c WudfPf - ok
                      01:36:07.0466 0x256c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
                      01:36:07.0486 0x256c WUDFRd - ok
                      01:36:12.0866 0x256c AV detected via SS2: Computer Security, C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsavwsch.exe ( 9.10.15260.0 ), 0x40000 ( disabled : updated )
                      01:36:12.0876 0x256c Win FW state via NFP2: disabled
                      01:36:15.0356 0x256c ============================================================
                      01:36:15.0356 0x256c Scan finished
                      01:36:15.0356 0x256c ============================================================
                      01:36:15.0376 0x26bc Detected object count: 0
                      01:36:15.0376 0x26bc Actual detected object count: 0



                      • #12
                        Download Combofix to your desktop.
                        (So not to a download folder or temp folder.)

                        Extra note... Make sure your security software is disabled while using Combofix.
                        This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

                        Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                        Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                        So do not open any other applications until Combofix has presented the log.

                        If Combofix asks for an update, allow it.

                        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                        You can find it at C:\combofix.txt.

                        Post the Combofix log together with a new DDS log in your next reply.

                        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                        • Illegal operation attempted on a registry key that has been marked for deletion.


                        • #13
                          ComboFix 15-07-20.01 - TAB 20-07-2015 12:37:57.2.4 - x64
                          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.2349 [GMT 2:00]
                          Gestart vanuit: c:\users\TAB\Desktop\ComboFix.exe
                          AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
                          SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
                          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                          .
                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2015-06-20 to 2015-07-20 ))))))))))))))))))))))))))))))
                          .
                          .
                          2015-07-17 17:14 . 2015-07-17 17:14 -------- d-----w- c:\program files\CCleaner
                          2015-07-17 17:08 . 2015-06-19 18:25 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
                          2015-07-17 17:07 . 2015-07-09 17:58 37376 ----a-w- c:\windows\system32\wuapp.exe
                          2015-07-17 17:06 . 2015-07-02 21:08 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
                          2015-07-17 17:06 . 2015-07-02 19:45 491008 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
                          2015-07-17 17:06 . 2015-07-03 05:56 235216 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
                          2015-07-17 17:06 . 2015-07-02 20:12 615936 ----a-w- c:\windows\system32\ieui.dll
                          2015-07-17 17:06 . 2015-07-02 18:59 1545728 ----a-w- c:\windows\system32\urlmon.dll
                          2015-07-17 17:06 . 2015-07-03 06:23 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
                          2015-07-17 17:06 . 2015-07-02 19:20 14453248 ----a-w- c:\windows\system32\ieframe.dll
                          2015-07-17 17:06 . 2015-07-02 20:49 25193984 ----a-w- c:\windows\system32\mshtml.dll
                          2015-07-17 17:06 . 2015-07-02 20:23 2885632 ----a-w- c:\windows\system32\iertutil.dll
                          2015-07-17 17:03 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
                          2015-07-17 17:03 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
                          2015-07-17 17:03 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
                          2015-07-17 17:03 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
                          2015-07-17 17:03 . 2015-06-11 17:56 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
                          2015-07-17 17:03 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
                          2015-07-17 17:03 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
                          2015-07-17 17:03 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
                          2015-07-17 17:03 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
                          2015-07-17 17:02 . 2015-04-27 19:23 188416 ----a-w- c:\windows\system32\cryptsvc.dll
                          2015-07-17 17:02 . 2015-04-27 19:04 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
                          2015-07-17 17:02 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
                          2015-07-17 17:02 . 2015-04-27 19:23 1480192 ----a-w- c:\windows\system32\crypt32.dll
                          2015-07-17 17:02 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll
                          2015-07-17 17:02 . 2015-04-27 19:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
                          2015-07-17 17:02 . 2015-04-27 19:05 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
                          2015-07-17 17:02 . 2015-04-27 19:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
                          2015-07-17 16:59 . 2015-07-01 20:43 60416 ----a-w- c:\windows\system32\msobjs.dll
                          2015-07-17 16:59 . 2015-07-01 20:27 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
                          2015-07-17 16:58 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
                          2015-07-17 16:58 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
                          2015-07-17 16:58 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
                          2015-07-17 16:58 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
                          2015-07-17 16:58 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
                          2015-07-17 16:58 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
                          2015-07-17 16:58 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
                          2015-07-17 16:58 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
                          2015-07-17 16:58 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
                          2015-07-17 16:58 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
                          2015-07-17 16:58 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
                          2015-07-17 16:58 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
                          2015-07-17 16:57 . 2015-07-09 17:58 726528 ----a-w- c:\windows\system32\generaltel.dll
                          2015-07-17 16:57 . 2015-07-09 17:58 765440 ----a-w- c:\windows\system32\invagent.dll
                          2015-07-17 16:57 . 2015-07-09 17:58 433664 ----a-w- c:\windows\system32\devinv.dll
                          2015-07-17 16:57 . 2015-07-09 17:58 1085440 ----a-w- c:\windows\system32\appraiser.dll
                          2015-07-17 16:57 . 2015-07-09 17:50 1145856 ----a-w- c:\windows\system32\aeinv.dll
                          2015-07-17 16:57 . 2015-07-09 17:59 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
                          2015-07-17 16:57 . 2015-07-09 17:58 67584 ----a-w- c:\windows\system32\acmigration.dll
                          2015-07-17 16:57 . 2015-07-09 17:58 227328 ----a-w- c:\windows\system32\aepdu.dll
                          2015-07-17 16:57 . 2015-07-03 16:52 372224 ----a-w- c:\windows\system32\atmfd.dll
                          2015-07-17 16:57 . 2015-07-03 18:05 41984 ----a-w- c:\windows\system32\lpk.dll
                          2015-07-17 16:57 . 2015-07-03 18:05 46080 ----a-w- c:\windows\system32\atmlib.dll
                          2015-07-17 16:57 . 2015-07-03 16:42 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
                          2015-07-17 16:56 . 2015-07-03 18:05 14336 ----a-w- c:\windows\system32\dciman32.dll
                          2015-07-17 16:56 . 2015-07-03 17:56 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
                          2015-07-17 16:56 . 2015-07-03 17:56 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
                          2015-07-17 16:56 . 2015-07-03 18:05 100864 ----a-w- c:\windows\system32\fontsub.dll
                          2015-07-17 16:56 . 2015-07-03 17:56 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
                          2015-07-17 16:56 . 2015-07-03 17:55 25600 ----a-w- c:\windows\SysWow64\lpk.dll
                          2015-07-14 18:09 . 2015-07-14 18:09 18524336 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
                          2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
                          .
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2015-07-19 12:42 . 2014-09-19 16:08 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                          2015-07-14 18:10 . 2012-04-05 15:02 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                          2015-07-14 18:10 . 2011-07-29 14:12 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                          2015-07-03 06:43 . 2011-07-28 21:57 130333168 ----a-w- c:\windows\system32\MRT.exe
                          2015-06-23 11:30 . 2011-07-28 17:14 300704 ------w- c:\windows\system32\MpSigStub.exe
                          2015-06-18 06:41 . 2014-09-19 16:07 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
                          2015-06-18 06:41 . 2014-09-19 16:07 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                          2015-06-18 06:41 . 2012-09-07 11:16 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
                          2015-06-02 16:41 . 2015-06-11 16:43 121432 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
                          2015-06-02 16:41 . 2013-05-14 17:49 376184 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
                          2015-05-25 18:24 . 2015-06-11 17:23 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
                          2015-05-25 18:21 . 2015-06-11 17:23 1728960 ----a-w- c:\windows\system32\ntdll.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 243712 ----a-w- c:\windows\system32\wow64.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 362496 ----a-w- c:\windows\system32\wow64win.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 215040 ----a-w- c:\windows\system32\winsrv.dll
                          2015-05-25 18:19 . 2015-06-11 17:23 1255424 ----a-w- c:\windows\system32\diagtrack.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 879104 ----a-w- c:\windows\system32\tdh.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 503808 ----a-w- c:\windows\system32\srcore.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 113664 ----a-w- c:\windows\system32\sechost.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 50176 ----a-w- c:\windows\system32\srclient.dll
                          2015-05-25 18:19 . 2015-06-11 17:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
                          2015-05-25 18:19 . 2015-06-11 17:23 424960 ----a-w- c:\windows\system32\KernelBase.dll
                          2015-05-25 18:19 . 2015-06-11 17:23 1162752 ----a-w- c:\windows\system32\kernel32.dll
                          2015-05-25 18:18 . 2015-06-11 17:22 43520 ----a-w- c:\windows\system32\csrsrv.dll
                          2015-05-25 18:18 . 2015-06-11 17:23 879104 ----a-w- c:\windows\system32\advapi32.dll
                          2015-05-25 18:18 . 2015-06-11 17:22 404992 ----a-w- c:\windows\system32\tracerpt.exe
                          2015-05-25 18:18 . 2015-06-11 17:22 47104 ----a-w- c:\windows\system32\typeperf.exe
                          2015-05-25 18:18 . 2015-06-11 17:22 112640 ----a-w- c:\windows\system32\smss.exe
                          2015-05-25 18:18 . 2015-06-11 17:22 296960 ----a-w- c:\windows\system32\rstrui.exe
                          2015-05-25 18:18 . 2015-06-11 17:22 43008 ----a-w- c:\windows\system32\relog.exe
                          2015-05-25 18:18 . 2015-06-11 17:22 104448 ----a-w- c:\windows\system32\logman.exe
                          2015-05-25 18:18 . 2015-06-11 17:22 19456 ----a-w- c:\windows\system32\diskperf.exe
                          2015-05-25 18:18 . 2015-06-11 17:22 338432 ----a-w- c:\windows\system32\conhost.exe
                          2015-05-25 18:11 . 2015-06-11 17:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 6656 ----a-w- c:\windows\system32\apisetschema.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
                          2015-05-25 18:11 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
                          2015-05-25 18:07 . 2015-06-11 17:23 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
                          2015-05-25 18:07 . 2015-06-11 17:22 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
                          2015-05-25 18:04 . 2015-06-11 17:22 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
                          2015-05-25 18:01 . 2015-06-11 17:22 635392 ----a-w- c:\windows\SysWow64\tdh.dll
                          2015-05-25 18:01 . 2015-06-11 17:22 43008 ----a-w- c:\windows\SysWow64\srclient.dll
                          2015-05-25 18:01 . 2015-06-11 17:22 92160 ----a-w- c:\windows\SysWow64\sechost.dll
                          2015-05-25 18:01 . 2015-06-11 17:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
                          2015-05-25 18:01 . 2015-06-11 17:23 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
                          2015-05-25 18:01 . 2015-06-11 17:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                          2015-05-25 18:00 . 2015-06-11 17:22 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
                          2015-05-25 18:00 . 2015-06-11 17:22 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
                          2015-05-25 18:00 . 2015-06-11 17:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
                          2015-05-25 18:00 . 2015-06-11 17:22 37888 ----a-w- c:\windows\SysWow64\relog.exe
                          2015-05-25 18:00 . 2015-06-11 17:22 82944 ----a-w- c:\windows\SysWow64\logman.exe
                          2015-05-25 18:00 . 2015-06-11 17:22 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
                          2015-05-25 17:59 . 2015-06-11 17:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
                          2015-05-25 17:59 . 2015-06-11 17:22 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
                          2015-05-25 17:55 . 2015-06-11 17:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                          REGEDIT4
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                          @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                          [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                          2013-01-24 18:20 220632 ----a-w- c:\users\TAB\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                          @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                          [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                          2013-01-24 18:20 220632 ----a-w- c:\users\TAB\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                          @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                          [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                          2013-01-24 18:20 220632 ----a-w- c:\users\TAB\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                          .
                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                          "F-Secure Manager"="c:\program files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2013-08-12 310208]
                          "F-Secure Hoster (54599)"="c:\program files (x86)\F-Secure\fshoster32.exe" [2013-10-30 191528]
                          .
                          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                          Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                          "ConsentPromptBehaviorAdmin"= 5 (0x5)
                          "ConsentPromptBehaviorUser"= 3 (0x3)
                          "EnableUIADesktopToggle"= 0 (0x0)
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                          "LoadAppInit_DLLs"=1 (0x1)
                          "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                          @=""
                          .
                          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                          R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
                          R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
                          R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                          R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
                          R3 fsccsys1346691823;F-Secure Content Control Driver;c:\windows\System32\drivers\fsccsys.sys;c:\windows\SYSNATIVE\drivers\fsccsys.sys [x]
                          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                          R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
                          R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
                          R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
                          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                          R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
                          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                          R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
                          R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                          S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
                          S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
                          S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
                          S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
                          S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
                          S1 RapportCerberus_1412112;RapportCerberus_1412112;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [x]
                          S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
                          S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
                          S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
                          S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
                          S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\F-Secure\fshoster32.exe;c:\program files (x86)\F-Secure\fshoster32.exe [x]
                          S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [x]
                          S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
                          S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
                          S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
                          S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                          S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
                          S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
                          S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
                          S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
                          S3 fsni;fsni;c:\program files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys;c:\program files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [x]
                          S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                          S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                          S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                          .
                          .
                          Inhoud van de 'Gedeelde Taken' map
                          .
                          2015-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
                          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 18:10]
                          .
                          .
                          --------- X64 Entries -----------
                          .
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                          @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                          [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                          2013-01-24 18:20 244696 ----a-w- c:\users\TAB\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                          @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                          [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                          2013-01-24 18:20 244696 ----a-w- c:\users\TAB\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                          @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                          [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                          2013-01-24 18:20 244696 ----a-w- c:\users\TAB\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
                          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 167704]
                          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 392984]
                          "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 417560]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                          "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
                          .
                          ------- Bijkomende Scan -------
                          .
                          uLocal Page = c:\windows\system32\blank.htm
                          uStart Page = hxxp://samsung.msn.com
                          mLocal Page = c:\windows\SysWOW64\blank.htm
                          IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
                          IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                          IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
                          IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                          IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
                          TCP: DhcpNameServer = 192.168.178.1
                          FF - ProfilePath - c:\users\TAB\AppData\Roaming\Mozilla\Firefox\Profiles\flnocixi.default\
                          FF - prefs.js: browser.search.selectedEngine - Bing
                          FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
                          .
                          - - - - ORPHANS VERWIJDERD - - - -
                          .
                          Toolbar-Locked - (no file)
                          HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                          HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
                          .
                          .
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
                          "ImagePath"="\"c:\program files (x86)\F-Secure\fshoster32.exe\" -hosterid:0"
                          .
                          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker6"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Shockwave Flash Object"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                          @="0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="ShockwaveFlash.ShockwaveFlash.18"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="ShockwaveFlash.ShockwaveFlash"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Macromedia Flash Factory Object"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="FlashFactory.FlashFactory.1"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="FlashFactory.FlashFactory"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker6"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                          "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                          00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
                          @Denied: ) (Everyone)
                          "AgentIdentifier"="5c2e3b2e-2d23-4831-8441-71725948757d"
                          "AuthorizationCode"=""
                          "54599_AgentIdentifier"="5c2e3b2e-2d23-4831-8441-71725948757d"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                          @Denied: (A) (Everyone)
                          "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                          @Denied: (A) (Everyone)
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                          "Key"="ActionsPane3"
                          "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                          @Denied: (Full) (Everyone)
                          .
                          Voltooingstijd: 2015-07-20 12:54:01
                          ComboFix-quarantined-files.txt 2015-07-20 10:54
                          .
                          Pre-Run: 7.534.522.368 bytes beschikbaar
                          Post-Run: 7.309.537.280 bytes beschikbaar
                          .
                          - - End Of File - - 270683048C0444C27A7001FF242D045C



                          • #14
                            DDS (Ver_2012-11-20.01) - NTFS_AMD64
                            Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.31.2
                            Run by TAB at 12:59:20 on 2015-07-20
                            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.1496 [GMT 2:00]
                            .
                            AV: Computer Security *Enabled/Outdated* {15414183-282E-D62C-CA37-EF24860A2F17}
                            SP: Computer Security *Enabled/Outdated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
                            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            .
                            ============== Running Processes ===============
                            .
                            C:\Windows\system32\lsm.exe
                            C:\Windows\system32\svchost.exe -k DcomLaunch
                            C:\Windows\system32\nvvsvc.exe
                            C:\Windows\system32\svchost.exe -k RPCSS
                            C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                            C:\Windows\system32\svchost.exe -k LocalService
                            C:\Windows\system32\svchost.exe -k netsvcs
                            C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
                            C:\Windows\system32\svchost.exe -k GPSvcGroup
                            C:\Windows\system32\svchost.exe -k NetworkService
                            C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                            C:\Windows\system32\nvvsvc.exe
                            C:\Windows\system32\WLANExt.exe
                            C:\Windows\System32\spoolsv.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
                            C:\Windows\System32\svchost.exe -k utcsvc
                            C:\Program Files (x86)\F-Secure\fshoster32.exe
                            C:\Windows\system32\taskhost.exe
                            C:\Windows\system32\Dwm.exe
                            C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
                            C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
                            C:\Windows\system32\taskeng.exe
                            C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
                            C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
                            C:\Windows\system32\svchost.exe -k imgsvc
                            C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                            C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
                            C:\Windows\system32\svchost.exe -k bthsvcs
                            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                            C:\Windows\servicing\TrustedInstaller.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                            C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                            C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
                            C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
                            C:\Windows\System32\hkcmd.exe
                            C:\Windows\System32\igfxpers.exe
                            C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                            C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
                            C:\Program Files (x86)\F-Secure\fshoster32.exe
                            C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                            C:\Windows\system32\taskeng.exe
                            C:\Program Files\CCleaner\CCleaner64.exe
                            C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
                            C:\Windows\system32\SearchIndexer.exe
                            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                            C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
                            C:\Program Files\Windows Media Player\wmpnetwk.exe
                            C:\Windows\SysWOW64\RunDll32.exe
                            C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
                            C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
                            C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                            C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
                            C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                            C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\Windows\system32\notepad.exe
                            C:\Windows\explorer.exe
                            C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                            C:\Windows\System32\cscript.exe
                            .
                            ============== Pseudo HJT Report ===============
                            .
                            uStart Page = hxxp://samsung.msn.com
                            BHO: Xs4all Online Safety: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll
                            BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
                            BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
                            BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                            BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
                            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
                            TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
                            uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                            mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
                            mRun: [F-Secure Hoster (54599)] "C:\Program Files (x86)\F-Secure\fshoster32.exe" -app -hosterid:1
                            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                            uPolicies-Explorer: NoDrives = dword:0
                            mPolicies-Explorer: NoDrives = dword:0
                            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                            mPolicies-System: ConsentPromptBehaviorUser = dword:3
                            mPolicies-System: EnableUIADesktopToggle = dword:0
                            IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
                            IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
                            IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                            IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
                            IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
                            IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                            IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                            DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
                            DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
                            TCP: NameServer = 192.168.178.1
                            TCP: Interfaces\{D88B6D07-B42F-4016-A853-944085FB95CF} : DHCPNameServer = 192.168.178.1
                            TCP: Interfaces\{D88B6D07-B42F-4016-A853-944085FB95CF}\64259445A51224F6870264F6E60275C414E40273336303 : DHCPNameServer = 192.168.178.1
                            TCP: Interfaces\{E91EA3E8-0AB5-4467-AA08-E4E47BA7B5CE} : DHCPNameServer = 192.168.178.1
                            Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                            AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
                            x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                            x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                            x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                            x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                            x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                            x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                            x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                            x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                            x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                            x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                            x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                            x64-Notify: igfxcui - igfxdev.dll
                            .
                            ================= FIREFOX ===================
                            .
                            FF - ProfilePath - C:\Users\TAB\AppData\Roaming\Mozilla\Firefox\Profiles\flnocixi.default\
                            FF - prefs.js: browser.search.selectedEngine - Bing
                            FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
                            FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
                            FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
                            FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                            FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
                            FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
                            FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
                            FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                            FF - plugin: C:\Windows\System32\npmirage.dll
                            FF - plugin: C:\Windows\System32\npmproxy.dll
                            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
                            .
                            ============= SERVICES / DRIVERS ===============
                            .
                            R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
                            R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-11 121432]
                            R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-5-14 376184]
                            R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2014-11-4 69960]
                            R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-9-3 13248]
                            R1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-6-25 917112]
                            R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
                            R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
                            R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-3-15 13824]
                            R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
                            R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\F-Secure\fshoster32.exe [2013-10-30 191528]
                            R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2012-8-6 60352]
                            R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-6-2 2222360]
                            R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
                            R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
                            R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-15 2656280]
                            R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-7-28 349736]
                            R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-28 39464]
                            R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-11-10 31088]
                            R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-9-3 202792]
                            R3 fsni;fsni;C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [2014-6-19 86056]
                            R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
                            R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-7 25816]
                            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-15 412264]
                            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                            S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-19 1133880]
                            S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
                            S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
                            S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
                            S3 fsccsys1346691823;F-Secure Content Control Driver;C:\Windows\System32\drivers\fsccsys.sys [2012-9-3 58424]
                            S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-24 57280]
                            S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
                            S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-17 114688]
                            S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
                            S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
                            S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-19 63704]
                            S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-21 19456]
                            S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2011-7-28 166704]
                            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 56832]
                            S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
                            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-29 1255736]
                            .
                            =============== Created Last 30 ================
                            .
                            2015-07-20 10:54:11 -------- d-sh--w- C:\$RECYCLE.BIN
                            2015-07-20 10:34:38 256000 ----a-w- C:\Windows\PEV.exe
                            2015-07-20 10:34:38 208896 ----a-w- C:\Windows\MBR.exe
                            2015-07-20 10:34:37 98816 ----a-w- C:\Windows\sed.exe
                            2015-07-17 17:14:32 -------- d-----w- C:\Program Files\CCleaner
                            2015-07-17 17:08:45 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
                            2015-07-17 17:07:53 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
                            2015-07-17 17:06:58 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
                            2015-07-17 17:06:58 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                            2015-07-17 17:06:57 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
                            2015-07-17 17:06:56 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
                            2015-07-17 17:03:51 429568 ----a-w- C:\Windows\System32\wksprt.exe
                            2015-07-17 17:03:47 7077376 ----a-w- C:\Windows\System32\mstscax.dll
                            2015-07-17 17:03:35 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
                            2015-07-17 17:03:30 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
                            2015-07-17 17:03:28 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
                            2015-07-17 17:03:27 62976 ----a-w- C:\Windows\System32\tsgqec.dll
                            2015-07-17 17:03:26 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
                            2015-07-17 17:03:12 2087424 ----a-w- C:\Windows\System32\ole32.dll
                            2015-07-17 17:03:09 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
                            2015-07-17 17:02:14 188416 ----a-w- C:\Windows\System32\cryptsvc.dll
                            2015-07-17 17:02:14 143872 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
                            2015-07-17 17:02:13 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
                            2015-07-17 17:02:07 1480192 ----a-w- C:\Windows\System32\crypt32.dll
                            2015-07-17 17:02:05 229376 ----a-w- C:\Windows\System32\wintrust.dll
                            2015-07-17 17:02:04 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
                            2015-07-17 17:02:04 140288 ----a-w- C:\Windows\System32\cryptnet.dll
                            2015-07-17 17:02:03 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
                            2015-07-17 16:59:58 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
                            2015-07-17 16:59:58 60416 ----a-w- C:\Windows\System32\msobjs.dll
                            2015-07-17 16:58:52 3242496 ----a-w- C:\Windows\System32\msi.dll
                            2015-07-17 16:58:50 1941504 ----a-w- C:\Windows\System32\authui.dll
                            2015-07-17 16:58:49 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
                            2015-07-17 16:58:48 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
                            2015-07-17 16:58:47 128000 ----a-w- C:\Windows\System32\msiexec.exe
                            2015-07-17 16:58:46 112064 ----a-w- C:\Windows\System32\consent.exe
                            2015-07-17 16:58:43 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
                            2015-07-17 16:58:43 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
                            2015-07-17 16:58:42 504320 ----a-w- C:\Windows\System32\msihnd.dll
                            2015-07-17 16:58:41 70656 ----a-w- C:\Windows\System32\appinfo.dll
                            2015-07-17 16:58:41 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
                            2015-07-17 16:58:41 25088 ----a-w- C:\Windows\System32\msimsg.dll
                            2015-07-17 16:57:09 765440 ----a-w- C:\Windows\System32\invagent.dll
                            2015-07-17 16:57:09 726528 ----a-w- C:\Windows\System32\generaltel.dll
                            2015-07-17 16:57:09 433664 ----a-w- C:\Windows\System32\devinv.dll
                            2015-07-17 16:57:09 1145856 ----a-w- C:\Windows\System32\aeinv.dll
                            2015-07-17 16:57:09 1085440 ----a-w- C:\Windows\System32\appraiser.dll
                            2015-07-17 16:57:08 67584 ----a-w- C:\Windows\System32\acmigration.dll
                            2015-07-17 16:57:08 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
                            2015-07-17 16:57:07 227328 ----a-w- C:\Windows\System32\aepdu.dll
                            2015-07-17 16:57:01 372224 ----a-w- C:\Windows\System32\atmfd.dll
                            2015-07-17 16:57:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
                            2015-07-17 16:57:00 41984 ----a-w- C:\Windows\System32\lpk.dll
                            2015-07-17 16:57:00 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
                            2015-07-17 16:56:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
                            2015-07-17 16:56:59 14336 ----a-w- C:\Windows\System32\dciman32.dll
                            2015-07-17 16:56:59 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
                            2015-07-17 16:56:58 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
                            2015-07-17 16:56:58 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
                            2015-07-17 16:56:58 100864 ----a-w- C:\Windows\System32\fontsub.dll
                            2015-07-14 18:09:46 18524336 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
                            2015-06-23 23:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
                            .
                            ==================== Find3M ====================
                            .
                            2015-07-19 12:42:35 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                            2015-07-14 18:10:14 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                            2015-07-14 18:10:14 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                            2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
                            2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
                            2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
                            2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
                            2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
                            2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
                            2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
                            2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
                            2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                            2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
                            2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
                            2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
                            2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
                            2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
                            2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
                            2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
                            2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
                            2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
                            2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
                            2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
                            2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
                            2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
                            2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
                            2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
                            2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
                            2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
                            2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
                            2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
                            2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
                            2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
                            2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
                            2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                            2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
                            2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
                            2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
                            2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
                            2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
                            2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
                            2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                            2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
                            2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
                            2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
                            2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
                            2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
                            2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
                            2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
                            2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
                            2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                            2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
                            2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
                            2015-06-23 11:30:20 300704 ------w- C:\Windows\System32\MpSigStub.exe
                            2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                            2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
                            2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                            2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
                            2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
                            2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
                            2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
                            2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
                            2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                            2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                            2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                            2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
                            2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
                            2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
                            2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                            2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
                            2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
                            2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                            2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                            2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                            2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                            2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
                            2015-06-18 06:41:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                            2015-06-18 06:41:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                            2015-06-18 06:41:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                            2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
                            2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
                            2015-06-09 18:03:22 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
                            2015-06-09 18:03:22 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
                            2015-06-02 16:41:06 376184 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
                            2015-06-02 16:41:06 121432 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys
                            2015-06-02 00:07:15 254976 ----a-w- C:\Windows\System32\cewmdm.dll
                            2015-06-01 23:47:09 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
                            2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
                            2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
                            2015-05-25 18:19:27 362496 ----a-w- C:\Windows\System32\wow64win.dll
                            2015-05-25 18:19:27 243712 ----a-w- C:\Windows\System32\wow64.dll
                            2015-05-25 18:19:27 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
                            2015-05-25 18:19:26 215040 ----a-w- C:\Windows\System32\winsrv.dll
                            2015-05-25 18:19:13 1255424 ----a-w- C:\Windows\System32\diagtrack.dll
                            2015-05-25 18:19:10 879104 ----a-w- C:\Windows\System32\tdh.dll
                            2015-05-25 18:19:09 503808 ----a-w- C:\Windows\System32\srcore.dll
                            2015-05-25 18:19:09 50176 ----a-w- C:\Windows\System32\srclient.dll
                            2015-05-25 18:19:09 113664 ----a-w- C:\Windows\System32\sechost.dll
                            2015-05-25 18:19:04 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
                            2015-05-25 18:19:02 424960 ----a-w- C:\Windows\System32\KernelBase.dll
                            .
                            ============= FINISH: 13:00:13,21 ===============



                            • #15
                              I don't see anything suspicious in your logs.

                              Go to Start > Run and copy and paste the following command into the field:

                              ComboFix /Uninstall

                              Make sure there is a space between Combofix and /
                              Then press Enter.




                              This will remove Combofix plus its related folders and files, reset the clock settings,
                              hide the file extensions, hide hidden files and system files again,
                              and reset your System Restore.




                              Download or update CCleaner

                              Start CCleaner.
                              • Run CCleaner and click Options in the left column
                              • Select the Advanced tab
                              • Uncheck Only delete files in Windows Temp folders older than 24 hours
                              • Select the Settings tab
                              • Uncheck "Automatically clean the computer...."
                              • Click Cleaner in the left column.
                              • Then click Analyze and Run Cleaner in turn.
                              • Next, click Registry in the left column
                              • Click Scan for Issues.
                              • When asked whether you want to make a backup of the registry, click "Yes".
                              • If errors are found, click the middle button: Fix all selected issues, then OK



                              Emphyrio
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee. * Ccleaner * E-Peek
