Marcitus

Slow and freezing notebook


Good afternoon, Analyst!

As instructed, the logs follow below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Hachmann at 12:35:18 on 2013-07-31

Microsoft Windows 8 Single Language 6.2.9200.0.1252.55.1046.18.1748.767 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\windows\system32\dashost.exe

C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\System32\dwm.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\windows\system32\taskhostex.exe

C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Samsung\Settings\sSettings.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe

C:\windows\system32\igfxext.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Bluetooth Suite\BtTray.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Windows\System32\RuntimeBroker.exe

C:\windows\syswow64\wwahost.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\msiexec.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://samsung13.msn.com

uDefault_Page_URL = hxxp://samsung13.msn.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Hachmann\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mPolicies-System: DisableCAD = dword:1

IE: &Enviar para o OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.25.1

TCP: Interfaces\{347ECC0F-6BDF-4A97-AD01-EF5CCD95EFFC} : DHCPNameServer = 192.168.25.1

TCP: Interfaces\{AF6FCA6E-3B52-41F0-9EFC-D77B9D27B91D} : DHCPNameServer = 192.168.25.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [btTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"

x64-Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-mPolicies-System: DisableCAD = dword:1

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Hachmann\AppData\Roaming\Mozilla\Firefox\Profiles\whckfxvn.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Users\Hachmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Hachmann\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Hachmann\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Hachmann\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - ExtSQL: 2013-06-08 10:45; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn

FF - ExtSQL: 2013-06-17 21:58; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-6-17 65336]

R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-6-17 189936]

R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-10-9 645952]

R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-6-17 1030952]

R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-6-17 378944]

R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-10-9 168608]

R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-10-9 92536]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-6-17 33400]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-6-17 80816]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-10 211584]

R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-9-5 1593976]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-9 128896]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-9 165760]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-12 144368]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-10 3939008]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-9 364416]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-10 323584]

R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-10-9 88728]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-10-9 344216]

R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-10-9 114840]

R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-10-9 33944]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-10-9 178840]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-10-9 76952]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-10-9 135832]

R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-10-9 567808]

R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-12 169048]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-4-11 138912]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130607.001\IDSviA64.sys [2013-6-7 513184]

R3 IntcDAud;Áudio do vídeo Intel®;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-18 342528]

R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-8-4 23408]

R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-10-9 683664]

R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-12 493656]

R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-12 1139800]

R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-12 224416]

R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-12 433752]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-17 46808]

S3 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2012-10-9 30056]

S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-12 23448]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-07-25 23:17:18 289968 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10211.bin

2013-07-22 06:08:47 -------- d-----w- C:\Users\Hachmann\AppData\Local\Apple Computer

2013-07-21 20:51:58 997632 ----a-w- C:\windows\System32\drivers\ndis.sys

2013-07-18 23:16:39 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-07-16 03:04:19 144384 ----a-w- C:\windows\System32\tssdisai.dll

2013-07-12 23:09:00 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-12 23:09:00 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-07-10 13:13:54 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-07-10 13:13:53 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-07-10 04:03:00 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll

2013-07-10 04:02:55 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 04:02:51 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2013-07-10 04:02:49 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2013-07-10 04:02:46 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2013-07-10 04:02:41 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll

2013-07-10 04:02:37 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll

2013-07-10 03:55:56 1838080 ----a-w- C:\windows\System32\DWrite.dll

2013-07-10 03:55:54 1421312 ----a-w- C:\windows\SysWow64\DWrite.dll

2013-07-10 03:54:30 595968 ----a-w- C:\windows\System32\qedit.dll

2013-07-10 03:54:29 496640 ----a-w- C:\windows\SysWow64\qedit.dll

2013-07-10 03:54:26 4036096 ----a-w- C:\windows\System32\win32k.sys

2013-07-10 03:53:19 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-07-10 03:51:37 2842112 ----a-w- C:\windows\System32\WMVDECOD.DLL

2013-07-10 03:51:33 2620928 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL

2013-07-09 01:02:06 -------- d-----w- C:\Users\Hachmann\AppData\Local\Cyberlink

2013-07-06 01:26:06 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2013-07-06 01:25:04 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2013-07-06 01:25:04 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2013-07-06 00:27:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll

2013-07-06 00:27:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll

2013-07-06 00:27:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll

2013-07-06 00:27:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll

2013-07-06 00:27:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll

2013-07-06 00:23:31 -------- d-----w- C:\Users\Hachmann\AppData\Local\Apple

2013-07-05 21:57:54 -------- d-----r- C:\Notes

2013-07-02 19:13:55 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2013-07-02 19:13:55 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2013-07-02 19:13:49 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

.

==================== Find3M ====================

.

2013-06-28 14:37:29 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys

2013-06-28 14:37:29 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2013-06-19 00:42:59 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll

2013-06-01 11:54:16 194816 ----a-w- C:\windows\System32\drivers\sdbus.sys

2013-06-01 11:54:10 125184 ----a-w- C:\windows\System32\drivers\dumpsd.sys

2013-06-01 11:34:21 2391280 ----a-w- C:\windows\explorer.exe

2013-06-01 11:33:13 2233600 ----a-w- C:\windows\System32\drivers\tcpip.sys

2013-06-01 11:29:35 337152 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS

2013-06-01 11:29:35 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS

2013-06-01 11:26:33 327936 ----a-w- C:\windows\System32\drivers\volsnap.sys

2013-06-01 11:26:31 6987008 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-06-01 10:24:46 2106176 ----a-w- C:\windows\SysWow64\explorer.exe

2013-06-01 09:25:52 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll

2013-06-01 09:25:05 67584 ----a-w- C:\windows\SysWow64\samlib.dll

2013-06-01 09:24:19 493056 ----a-w- C:\windows\SysWow64\mscms.dll

2013-06-01 09:24:09 850944 ----a-w- C:\windows\SysWow64\mfasfsrcsnk.dll

2013-06-01 09:24:09 1453568 ----a-w- C:\windows\SysWow64\mfcore.dll

2013-06-01 09:23:46 1842176 ----a-w- C:\windows\SysWow64\dwmcore.dll

2013-06-01 09:23:06 680960 ----a-w- C:\windows\System32\vds.exe

2013-06-01 09:22:47 80896 ----a-w- C:\windows\System32\MbaeParserTask.exe

2013-06-01 09:22:33 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll

2013-06-01 09:22:33 446976 ----a-w- C:\windows\System32\wwansvc.dll

2013-06-01 09:22:09 190976 ----a-w- C:\windows\System32\vdsutil.dll

2013-06-01 09:21:39 729600 ----a-w- C:\windows\System32\samsrv.dll

2013-06-01 09:21:39 106496 ----a-w- C:\windows\System32\samlib.dll

2013-06-01 09:20:45 583168 ----a-w- C:\windows\System32\mscms.dll

2013-06-01 09:20:34 1527808 ----a-w- C:\windows\System32\mfcore.dll

2013-06-01 09:20:34 1048576 ----a-w- C:\windows\System32\mfasfsrcsnk.dll

2013-06-01 09:20:04 2219520 ----a-w- C:\windows\System32\dwmcore.dll

2013-06-01 09:19:58 207872 ----a-w- C:\windows\System32\DeviceSetupManager.dll

2013-06-01 09:19:42 785408 ----a-w- C:\windows\System32\audiosrv.dll

2013-06-01 03:08:57 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys

2013-05-24 22:09:20 1403296 ----a-w- C:\windows\System32\winload.efi

2013-05-24 22:09:20 1271584 ----a-w- C:\windows\System32\winload.exe

2013-05-24 22:09:20 1217352 ----a-w- C:\windows\System32\winresume.efi

2013-05-24 22:09:20 1093904 ----a-w- C:\windows\System32\winresume.exe

2013-05-23 23:01:46 1300992 ----a-w- C:\windows\System32\gdi32.dll

2013-05-23 22:27:05 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll

2013-05-23 05:25:28 1139800 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\symefa64.sys

2013-05-21 05:02:00 493656 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\symds64.sys

2013-05-16 05:02:14 796760 ----a-w- C:\windows\System32\drivers\NISx64\1404000.028\srtsp64.sys

2013-05-15 22:37:03 44032 ----a-w- C:\windows\SysWow64\UXInit.dll

2013-05-15 22:35:49 53760 ----a-w- C:\windows\System32\UXInit.dll

2013-05-15 02:25:59 888320 ----a-w- C:\windows\System32\autochk.exe

2013-05-15 02:25:44 542208 ----a-w- C:\windows\System32\untfs.dll

2013-05-15 02:24:10 793088 ----a-w- C:\windows\SysWow64\autochk.exe

2013-05-15 02:24:01 482816 ----a-w- C:\windows\SysWow64\untfs.dll

2013-05-14 13:14:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-05-14 09:23:31 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-05-09 08:59:07 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:06 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- C:\windows\avastSS.scr

2013-05-04 07:58:17 120736 ----a-w- C:\windows\System32\AuthHost.exe

2013-05-04 07:34:17 446720 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS

2013-05-04 07:34:15 284416 ----a-w- C:\windows\System32\drivers\spaceport.sys

2013-05-04 06:59:56 39424 ----a-w- C:\windows\System32\wuapp.exe

2013-05-04 06:59:51 1483776 ----a-w- C:\windows\System32\VSSVC.exe

2013-05-04 06:59:36 812544 ----a-w- C:\windows\System32\Magnify.exe

2013-05-04 06:59:25 98304 ----a-w- C:\windows\System32\wudriver.dll

2013-05-04 06:59:25 251904 ----a-w- C:\windows\System32\WUSettingsProvider.dll

2013-05-04 06:59:25 141824 ----a-w- C:\windows\System32\wuwebv.dll

2013-05-04 06:59:24 1619968 ----a-w- C:\windows\System32\wucltux.dll

2013-05-04 06:59:08 13644288 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll

2013-05-04 06:58:54 328192 ----a-w- C:\windows\System32\ubpm.dll

2013-05-04 06:58:54 10116096 ----a-w- C:\windows\System32\twinui.dll

2013-05-04 06:58:49 173568 ----a-w- C:\windows\System32\storewuauth.dll

2013-05-04 06:58:49 1332736 ----a-w- C:\windows\System32\sysmain.dll

2013-05-04 06:58:48 330240 ----a-w- C:\windows\System32\stobject.dll

2013-05-04 06:58:28 93696 ----a-w- C:\windows\System32\psmsrv.dll

2013-05-04 06:58:02 470528 ----a-w- C:\windows\System32\netprofmsvc.dll

2013-05-04 06:58:02 151552 ----a-w- C:\windows\System32\netprofm.dll

2013-05-04 06:58:01 169984 ----a-w- C:\windows\System32\netplwiz.dll

2013-05-04 06:57:59 17408 ----a-w- C:\windows\System32\muifontsetup.dll

2013-05-04 06:57:46 560640 ----a-w- C:\windows\System32\mfmp4srcsnk.dll

2013-05-04 06:57:15 501760 ----a-w- C:\windows\System32\DevicePairing.dll

2013-05-04 06:57:05 179712 ----a-w- C:\windows\System32\bisrv.dll

2013-05-04 06:57:05 122368 ----a-w- C:\windows\System32\biwinrt.dll

2013-05-04 06:57:04 389120 ----a-w- C:\windows\System32\BCP47Langs.dll

2013-05-04 06:57:04 2305024 ----a-w- C:\windows\System32\authui.dll

2013-05-04 06:57:00 708096 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll

2013-05-04 06:57:00 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll

2013-05-04 06:56:53 419840 ----a-w- C:\windows\System32\intl.cpl

2013-05-04 04:58:34 34304 ----a-w- C:\windows\SysWow64\wuapp.exe

2013-05-04 04:58:14 758784 ----a-w- C:\windows\SysWow64\Magnify.exe

2013-05-04 04:58:02 83968 ----a-w- C:\windows\SysWow64\wudriver.dll

2013-05-04 04:58:02 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll

2013-05-04 04:57:49 10788864 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll

2013-05-04 04:57:39 8857088 ----a-w- C:\windows\SysWow64\twinui.dll

2013-05-04 04:57:39 247296 ----a-w- C:\windows\SysWow64\ubpm.dll

2013-05-04 04:57:35 303616 ----a-w- C:\windows\SysWow64\stobject.dll

2013-05-04 04:57:16 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll

2013-05-04 04:57:04 151040 ----a-w- C:\windows\SysWow64\netplwiz.dll

2013-05-04 04:57:04 115712 ----a-w- C:\windows\SysWow64\netprofm.dll

2013-05-04 04:57:02 14336 ----a-w- C:\windows\SysWow64\muifontsetup.dll

2013-05-04 04:56:48 411136 ----a-w- C:\windows\SysWow64\mfmp4srcsnk.dll

2013-05-04 04:56:14 449536 ----a-w- C:\windows\SysWow64\DevicePairing.dll

.

============= FINISH: 12:36:54,75 ===============

LOG Attach.txt:rolleyes:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Single Language

Boot Device: \Device\HarddiskVolume2

Install Date: 10/04/2013 06:47:39

System Uptime: 30/07/2013 19:37:46 (17 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP300E4C-AD4BR

Processor: Intel® Celeron® CPU B820 @ 1.70GHz | CPU Socket - U3E1 | 1700/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 273 GiB total, 177,184 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP21: 10/07/2013 11:16:12 - Windows Update

RP22: 16/07/2013 00:16:58 - Windows Update

RP23: 21/07/2013 00:25:13 - Windows Update

RP24: 26/07/2013 14:27:01 - Windows Update

RP25: 28/07/2013 18:44:59 - Installed Unicode Phonetic Keyboard (UCL) - 1.10

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader XI - Português

Apple Software Update

Audacity 2.0.3

avast! Free Antivirus

CyberLink Power2Go 8

CyberLink PowerDVD 10

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

E-POP

Easy File Share

Foto-galerija

Fotograf Galerisi

Galeria de Fotos

Galería de fotos

Google Chrome

Google Drive

Google Earth

Google Talk Plugin

Google Update Helper

Help Desk

Intel AppUp(SM) center

Intel® Manageability Engine Firmware Recovery Agent

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Trusted Connect Service Client

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Maker

Mozilla Firefox 22.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

MSVCRT110_amd64

Norton Internet Security

Norton Online Backup

Norton Online Backup ARA

NVIDIA Control Panel 305.46

NVIDIA Graphics Driver 305.46

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0613

NVIDIA Update Components

Photo Common

Photo Gallery

Plants vs. Zombies

Plugin Letras.mus.br 1.20

Qualcomm Atheros Bluetooth Suite (64)

Qualcomm Atheros Client Installation Program

QuickTime

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recovery

S Agent

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Settings

SoulseekQt

Suporte para Aplicativos Apple

Support Center

Support Center FAQ

SW Update

Synaptics Pointing Device Driver

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

User Guide

VLC media player 2.0.6

Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

And the gmer.txt log :confused:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-31 12:52:39

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 TOSHIBA_MQ01ABD032 rev.AX001F 298,09GB

Running: gmer.exe; Driver: C:\Users\Hachmann\AppData\Local\Temp\pxloqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\csrss.exe[580] C:\windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\wininit.exe[664] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\services.exe[800] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\lsass.exe[808] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[896] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\nvvsvc.exe[960] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[1000] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\System32\svchost.exe[400] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[560] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[1052] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\System32\svchost.exe[1180] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[1324] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\System32\spoolsv.exe[1636] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[1676] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1928] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\dashost.exe[1980] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1312] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\system32\svchost.exe[1844] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\system32\svchost.exe[1844] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\system32\svchost.exe[1844] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\system32\svchost.exe[1844] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\system32\svchost.exe[1844] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\system32\svchost.exe[1844] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\system32\svchost.exe[2596] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\system32\svchost.exe[2596] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\system32\svchost.exe[2652] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\system32\svchost.exe[2652] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\system32\SearchIndexer.exe[3436] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\user32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\user32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\system32\wbem\wmiprvse.exe[3300] C:\windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8556c1b32 4 bytes [6C, 55, F8, 07]

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1512] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8556c1b3a 4 bytes [6C, 55, F8, 07]

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\System32\WinLogon.exe[3316] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\System32\dwm.exe[3572] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\System32\dwm.exe[3572] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\System32\dwm.exe[3572] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\System32\dwm.exe[3572] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\System32\dwm.exe[3572] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\System32\dwm.exe[3572] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f85dd71532 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f85dd7153a 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7136] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f85dd7165a 4 bytes [D7, 5D, F8, 07]

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\user32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\user32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\system32\taskhostex.exe[2708] C:\windows\SYSTEM32\user32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\Explorer.EXE[3056] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f86317177a 4 bytes [17, 63, F8, 07]

.text C:\windows\Explorer.EXE[3056] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f863171782 4 bytes [17, 63, F8, 07]

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f85dd71532 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f85dd7153a 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f85dd7165a 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7100] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\system32\igfxext.exe[4300] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\system32\igfxext.exe[4300] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\system32\igfxext.exe[4300] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\system32\igfxext.exe[4300] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\system32\igfxext.exe[4300] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\system32\igfxext.exe[4300] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f85dd71532 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f85dd7153a 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f85dd7165a 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4988] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f85dd71532 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f85dd7153a 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f85dd7165a 4 bytes [D7, 5D, F8, 07]

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8556c1b32 4 bytes [6C, 55, F8, 07]

.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3624] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8556c1b3a 4 bytes [6C, 55, F8, 07]

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Windows\System32\hkcmd.exe[4552] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f86317177a 4 bytes [17, 63, F8, 07]

.text C:\Windows\System32\igfxpers.exe[4712] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f863171782 4 bytes [17, 63, F8, 07]

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\Windows\System32\RuntimeBroker.exe[3348] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8639b2d60 5 bytes JMP 000007f8e3b80b14

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8639b2dc0 5 bytes JMP 000007f8e3b80ecc

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8639b2ea0 5 bytes JMP 000007f8e3b8163c

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8639b30e0 5 bytes JMP 000007f8e3b81284

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8639b4251 5 bytes JMP 000007f8e3b819f4

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8639c4a10 5 bytes JMP 000007f8e3b8075c

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8639e31c4 5 bytes JMP 000007f8e3b803a4

.text C:\windows\System32\svchost.exe[3644] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f86375f7eb 1 byte [62]

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007f8613a7510 5 bytes JMP 000007f8e13f0b14

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8613a7550 5 bytes JMP 000007f8e13f19f4

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007f8613a75d0 5 bytes JMP 000007f8e13f075c

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8613a7b20 5 bytes JMP 000007f8e13f1284

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007f8613cb034 5 bytes JMP 000007f8e13f03a4

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8613cb2e4 5 bytes JMP 000007f8e13f163c

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8613cb470 5 bytes JMP 000007f8e13f0ecc

.text C:\windows\System32\svchost.exe[3644] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8613cb6d4 5 bytes JMP 000007f8e13f1dac

.text C:\windows\System32\svchost.exe[3644] C:\windows\system32\USER32.dll!UnhookWindowsHookEx 000007f863022120 5 bytes JMP 000007f8e3171284

.text C:\windows\System32\svchost.exe[3644] C:\windows\system32\USER32.dll!SetWindowsHookExW 000007f86302bee0 5 bytes JMP 000007f8e3170ecc

.text C:\windows\System32\svchost.exe[3644] C:\windows\system32\USER32.dll!UnhookWinEvent 000007f86302e030 5 bytes JMP 000007f8e317075c

.text C:\windows\System32\svchost.exe[3644] C:\windows\system32\USER32.dll!SetWinEventHook 000007f863032f70 5 bytes JMP 000007f8e31703a4

.text C:\windows\System32\svchost.exe[3644] C:\windows\system32\USER32.dll!SetWindowsHookExA 000007f863051850 5 bytes JMP 000007f8e3170b14

---- Threads - GMER 2.1 ----

Thread C:\windows\System32\svchost.exe [400:5344] 000007f858fed594

Thread C:\windows\System32\svchost.exe [400:5356] 000007f858fe4150

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Thanks, for now! :unsure:


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address for registration, first name and last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's home screen appears, and then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

KRT_install2_.png

Back on the program's home screen, click the Start scanning button.

Be patient, it takes a while.

When it finishes, if it has detected anything, the program will ask you what to do.

Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan is running, the home screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected and red if something was found.

If it has detected anything, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if anything was detected, save the log. If you close the program and forget to save the log, you will have to repeat the entire scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you do not need to save the log. Just post here to let us know.

To exit the program, just click the X in the upper-right corner.


Dear RenatoMejias,

In version 11 (11.0.0.1245) of the program, after right-clicking the file to run it as admin, the first error, attached below, appeared.

So I tried version 10 (9.0.0.722). I managed to install the program. It is scanning the files right now as I write to you. (Whoa, Kaspersky opened a window. I took a screenshot of it, saved it, and am sending it to you as an attachment.)

Going back to version 10: while the program was working, an error appeared (3rd attachment).

Thank you,

Marcitus

P.S. (05/08/13)

Version 10 of Kaspersky did not detect any threat on my laptop.

I await your reply,

Thank you.

post-1054345-13884966515184_thumb.jpg

post-1054345-13884966515892_thumb.jpg

post-1054345-13884966516388_thumb.jpg

Edited by Marcitus


Slowness problems are not necessarily related to malware. I recommend that you use Microsoft's FixIT tool; it gets good results with a variety of operating system problems. If you have any other questions, feel free to post in the operating systems section.


If the topic's author needs it, the topic will be reopened; to do so, the author should contact the moderators and request that it be unlocked.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
