JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Filip on ne 15.11.2015 at 14:34:27,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Program Files (x86)\GUT22DC.tmp
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Successfully deleted: [File] C:\Users\Filip\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage
Successfully deleted: [File] C:\Users\Filip\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal
Successfully deleted: [File] C:\Users\Public\Desktop\hotspot shield.lnk
~~~ Folders
Successfully deleted: [Folder] C:\Users\Filip\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Filip\Appdata\Local\51084544-D3EB-4527-A884-70101C66B793
Successfully deleted: [Folder] C:\Users\Filip\Appdata\Local\BA7C849F-C229-4EE3-ADEB-1142295489DE
~~~ FireFox
Successfully deleted the following from C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\vlz4iwuw.default\prefs.js
user_pref(browser.search.searchengine.alias, mystartsearch);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.mystartsearch.com/favicon.ico);
user_pref(browser.search.searchengine.name, mystartsearch);
user_pref(browser.search.searchengine.ptid, cmi);
user_pref(browser.search.searchengine.uid, WDCXWD7500BPVT-24HXZT3_WD-WX21A818517585175);
user_pref(browser.search.searchengine.url, hxxp://www.mystartsearch.com/web/?type= ... D7500BPVT-
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Filip\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Successfully deleted: [Folder] C:\Users\Filip\Appdata\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
[C:\Users\Filip\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Filip\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
bgjpfhpjcgdppjbgnpnjllokbmcdllig
olfeabkoenfaoljndfecamgilllcpiak
[C:\Users\Filip\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Filip\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
bgjpfhpjcgdppjbgnpnjllokbmcdllig,
olfeabkoenfaoljndfecamgilllcpiak
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 15.11.2015 at 14:40:16,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prosím o kontrolu
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
RK
RogueKiller V10.11.5.0 (x64) [Nov 9 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Filip [Administrator]
Started from : C:\Users\Filip\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 11/15/2015 15:12:17
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x76f501e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f503a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f50380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x76f502c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f50480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f503d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x76f502d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f50390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x76f503f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x76f50300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x76f50360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f50490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x76f50440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f50340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x76f50310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f502a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f502b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x76f50280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x76f50290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x76f50320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x76f50330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f503c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x76f503e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x76f50370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x76f50420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f50470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f50430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x76f50270 (jmp 0x160ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f502f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x76f501d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] vlz4iwuw.default : Default SearchProtected [defsearchp@gmail.com] -> Found
[PUP][FIREFX:Addon] vlz4iwuw.default : deskCut [deskCutv2@gmail.com] -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 05b8ee1c75096f39d41f6b1bc3c962be
[BSP] 6ac3e874b01e3e47f2da1f8ddbc6b5d3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 670402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] e8e9646b0f0028740c6c9323b5b74231
[BSP] 5f1293a60a2171c776bf9958b0ae620d : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
RogueKiller V10.11.5.0 (x64) [Nov 9 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Filip [Administrator]
Started from : C:\Users\Filip\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 11/15/2015 15:12:17
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x76f501e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f503a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f50380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x76f502c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f50480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f503d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x76f502d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f50390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x76f503f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x76f50300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x76f50360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f50490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x76f50440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f50340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x76f50310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f502a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f502b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x76f50280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x76f50290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x76f50320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x76f50330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f503c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x76f503e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x76f50370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x76f50420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f50470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f50430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x76f50270 (jmp 0x160ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f502f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x76f501d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] vlz4iwuw.default : Default SearchProtected [defsearchp@gmail.com] -> Found
[PUP][FIREFX:Addon] vlz4iwuw.default : deskCut [deskCutv2@gmail.com] -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 05b8ee1c75096f39d41f6b1bc3c962be
[BSP] 6ac3e874b01e3e47f2da1f8ddbc6b5d3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 670402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] e8e9646b0f0028740c6c9323b5b74231
[BSP] 5f1293a60a2171c776bf9958b0ae620d : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
Jenom dodám že po adw cleeaningu jsem se nedostal na internet, firewall to tam blokoval tak jsem musel resetovat nastaveni firewallu, už to jde. Jinak program hotspot shield používám, mám ho zaplacený, mám ho k tomu abych se mohl připojovat např z ameriky atd, zkrátka DNS a proxy. Díky za pochopení
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
Dobře, takže tyto přenastavené proxy jsou také v pořádku?
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
Pokud jo, tak je v RogueKilleru nezaškrtávej.
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka) - KROMĚ TICH PROXY
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vypni antivir
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Found
Pokud jo, tak je v RogueKilleru nezaškrtávej.
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka) - KROMĚ TICH PROXY
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vypni antivir
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
jenom se zeptám, před tím než něco provedu, když bych ty proxy taky "smazal" či co s nimi ten rogue killer udělá, po opětovné instalaci Hot Spot Shieldu mi opět půjdou že? Díky za odpověď
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
Ano, po opětovné instalaci a nastavení Hotspotshieldu by se mělo vše vrátit ke starému, každopádně je vymazávat nemusíš, stačí je pouze nezaškrtávat, to je asi jednodušší řešení ne?
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
já ale nevím zda jsou to ony, hotspot shield funguje tak že se mužeš připojit téměř od kud koliv a vždy z jiné proxy a VPN, každé připojení se to mění, např připojím se z Ameriky, pak do Chiny, zpět o Ameriky a mám jinou proxy a VPN, nevím zda tyto proxy patří k hotspot shieldu
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
Tak to vymaž, podle mě pak ani nemusíš Hotspotshield přeinstalovat, akorát si tam prostě zvolíš tu novou proxy ..
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
RogueKiller V10.11.6.0 (x64) [Nov 16 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Filip [Administrator]
Started from : C:\Users\Filip\Downloads\RogueKillerX64 (1).exe
Mode : Delete -- Date : 11/17/2015 14:27:56
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 426 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x76f80270 (jmp 0x160ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x260300 (jmp 0x894424b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x2603e0 (jmp 0x89442500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x260440 (jmp 0x89442990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x260360 (jmp 0x89442750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x260370 (jmp 0x894419b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x2603a0 (jmp 0x89442650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x2603d0 (jmp 0x89442760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x2603c0 (jmp 0x89441f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x2603b0 (jmp 0x89442520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x260420 (jmp 0x89441290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x2603f0 (jmp 0x89441510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x260260 (jmp 0x89441390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x260330 (jmp 0x89441960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x260490 (jmp 0x89441bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x260410 (jmp 0x89441290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x260320 (jmp 0x89441ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x2601e0 (jmp 0x89441140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x260340 (jmp 0x89442020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x260240 (jmp 0x894419e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x260290 (jmp 0x89441950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x260200 (jmp 0x89441150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x260460 (jmp 0x89442800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x2601f0 (jmp 0x894410d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x260350 (jmp 0x89441a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x260220 (jmp 0x894421e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x260450 (jmp 0x894429f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x260230 (jmp 0x89441d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x260250 (jmp 0x89441390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x260310 (jmp 0x894425f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x260400 (jmp 0x89441f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x260390 (jmp 0x89442160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x2602d0 (jmp 0x89442520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x260470 (jmp 0x89442270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x260480 (jmp 0x89441bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x2602f0 (jmp 0x89441a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x2602c0 (jmp 0x89442490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x2602a0 (jmp 0x89441e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x260210 (jmp 0x89441070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x260280 (jmp 0x89441f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x2601d0 (jmp 0x89441a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x2602e0 (jmp 0x89441fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x260430 (jmp 0x89441770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x260380 (jmp 0x89442610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x2602b0 (jmp 0x89441920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0xb00300 (jmp 0x89ce24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0xb003e0 (jmp 0x89ce2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0xb00440 (jmp 0x89ce2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0xb00360 (jmp 0x89ce2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0xb00370 (jmp 0x89ce19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0xb003a0 (jmp 0x89ce2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0xb003d0 (jmp 0x89ce2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0xb003c0 (jmp 0x89ce1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0xb003b0 (jmp 0x89ce2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0xb00420 (jmp 0x89ce1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0xb003f0 (jmp 0x89ce1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0xb00260 (jmp 0x89ce1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0xb00330 (jmp 0x89ce1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0xb00490 (jmp 0x89ce1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0xb00410 (jmp 0x89ce1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0xb00320 (jmp 0x89ce1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0xb001e0 (jmp 0x89ce1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0xb00340 (jmp 0x89ce2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0xb00240 (jmp 0x89ce19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0xb00290 (jmp 0x89ce1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0xb00200 (jmp 0x89ce1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0xb00460 (jmp 0x89ce2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0xb001f0 (jmp 0x89ce10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0xb00350 (jmp 0x89ce1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0xb00220 (jmp 0x89ce21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0xb00450 (jmp 0x89ce29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0xb00230 (jmp 0x89ce1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0xb00250 (jmp 0x89ce1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0xb00310 (jmp 0x89ce25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0xb00400 (jmp 0x89ce1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0xb00390 (jmp 0x89ce2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0xb002d0 (jmp 0x89ce2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0xb00470 (jmp 0x89ce2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0xb00480 (jmp 0x89ce1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0xb002f0 (jmp 0x89ce1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0xb002c0 (jmp 0x89ce2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0xb002a0 (jmp 0x89ce1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0xb00210 (jmp 0x89ce1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0xb00280 (jmp 0x89ce1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0xb001d0 (jmp 0x89ce1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0xb002e0 (jmp 0x89ce1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0xb00430 (jmp 0x89ce1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0xb00380 (jmp 0x89ce2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0xb002b0 (jmp 0x89ce1920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x9b0300 (jmp 0x89b924b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x9b03e0 (jmp 0x89b92500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x9b0440 (jmp 0x89b92990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x9b0360 (jmp 0x89b92750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x9b0370 (jmp 0x89b919b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x9b03a0 (jmp 0x89b92650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x9b03d0 (jmp 0x89b92760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x9b03c0 (jmp 0x89b91f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x9b03b0 (jmp 0x89b92520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x9b0420 (jmp 0x89b91290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x9b03f0 (jmp 0x89b91510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x9b0260 (jmp 0x89b91390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x9b0330 (jmp 0x89b91960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x9b0490 (jmp 0x89b91bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x9b0410 (jmp 0x89b91290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x9b0320 (jmp 0x89b91ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x9b01e0 (jmp 0x89b91140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x9b0340 (jmp 0x89b92020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x9b0240 (jmp 0x89b919e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x9b0290 (jmp 0x89b91950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x9b0200 (jmp 0x89b91150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x9b0460 (jmp 0x89b92800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x9b01f0 (jmp 0x89b910d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x9b0350 (jmp 0x89b91a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x9b0220 (jmp 0x89b921e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x9b0450 (jmp 0x89b929f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x9b0230 (jmp 0x89b91d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x9b0250 (jmp 0x89b91390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x9b0310 (jmp 0x89b925f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x9b0400 (jmp 0x89b91f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x9b0390 (jmp 0x89b92160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x9b02d0 (jmp 0x89b92520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x9b0470 (jmp 0x89b92270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x9b0480 (jmp 0x89b91bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x9b02f0 (jmp 0x89b91a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x9b02c0 (jmp 0x89b92490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x9b02a0 (jmp 0x89b91e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x9b0210 (jmp 0x89b91070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x9b0280 (jmp 0x89b91f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x9b01d0 (jmp 0x89b91a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x9b02e0 (jmp 0x89b91fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x9b0430 (jmp 0x89b91770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x9b0380 (jmp 0x89b92610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x9b02b0 (jmp 0x89b91920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x76f803b0 (jmp 0x162520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x76f80260 (jmp 0x161390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x76f80410 (jmp 0x161290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x76f80240 (jmp 0x1619e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x76f80200 (jmp 0x161150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x76f80460 (jmp 0x162800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x76f801f0 (jmp 0x1610d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x76f80350 (jmp 0x161a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x76f80220 (jmp 0x1621e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x76f80450 (jmp 0x1629f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x76f80230 (jmp 0x161d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x76f80250 (jmp 0x161390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x76f80400 (jmp 0x161f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x76f80210 (jmp 0x161070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x76f802e0 (jmp 0x161fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x2c0300 (jmp 0x894a24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x2c03e0 (jmp 0x894a2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x2c0440 (jmp 0x894a2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x2c0360 (jmp 0x894a2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x2c0370 (jmp 0x894a19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x2c03a0 (jmp 0x894a2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x2c03d0 (jmp 0x894a2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x2c03c0 (jmp 0x894a1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x2c03b0 (jmp 0x894a2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x2c0420 (jmp 0x894a1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x2c03f0 (jmp 0x894a1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x2c0260 (jmp 0x894a1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x2c0330 (jmp 0x894a1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x2c0490 (jmp 0x894a1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x2c0410 (jmp 0x894a1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x2c0320 (jmp 0x894a1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x2c01e0 (jmp 0x894a1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x2c0340 (jmp 0x894a2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x2c0240 (jmp 0x894a19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x2c0290 (jmp 0x894a1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x2c0200 (jmp 0x894a1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x2c0460 (jmp 0x894a2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x2c01f0 (jmp 0x894a10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x2c0350 (jmp 0x894a1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x2c0220 (jmp 0x894a21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x2c0450 (jmp 0x894a29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x2c0230 (jmp 0x894a1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x2c0250 (jmp 0x894a1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x2c0310 (jmp 0x894a25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x2c0400 (jmp 0x894a1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x2c0390 (jmp 0x894a2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x2c02d0 (jmp 0x894a2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x2c0470 (jmp 0x894a2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x2c0480 (jmp 0x894a1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x2c02f0 (jmp 0x894a1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x2c02c0 (jmp 0x894a2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x2c02a0 (jmp 0x894a1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x2c0210 (jmp 0x894a1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x2c0280 (jmp 0x894a1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x2c01d0 (jmp 0x894a1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x2c02e0 (jmp 0x894a1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x2c0430 (jmp 0x894a1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x2c0380 (jmp 0x894a2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x2c02b0 (jmp 0x894a1920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x76f803b0 (jmp 0x162520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x76f80260 (jmp 0x161390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x76f80410 (jmp 0x161290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x76f80240 (jmp 0x1619e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x76f80200 (jmp 0x161150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x76f80460 (jmp 0x162800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x76f801f0 (jmp 0x1610d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x76f80350 (jmp 0x161a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x76f80220 (jmp 0x1621e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x76f80450 (jmp 0x1629f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x76f80230 (jmp 0x161d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x76f80250 (jmp 0x161390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x76f80400 (jmp 0x161f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x76f80210 (jmp 0x161070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x76f802e0 (jmp 0x161fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x9d0300 (jmp 0x89bb24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x9d03e0 (jmp 0x89bb2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x9d0440 (jmp 0x89bb2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x9d0360 (jmp 0x89bb2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x9d0370 (jmp 0x89bb19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x9d03a0 (jmp 0x89bb2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x9d03d0 (jmp 0x89bb2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x9d03c0 (jmp 0x89bb1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x9d03b0 (jmp 0x89bb2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x9d0420 (jmp 0x89bb1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x9d03f0 (jmp 0x89bb1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x9d0260 (jmp 0x89bb1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x9d0330 (jmp 0x89bb1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x9d0490 (jmp 0x89bb1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x9d0410 (jmp 0x89bb1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x9d0320 (jmp 0x89bb1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x9d01e0 (jmp 0x89bb1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x9d0340 (jmp 0x89bb2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x9d0240 (jmp 0x89bb19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x9d0290 (jmp 0x89bb1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x9d0200 (jmp 0x89bb1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x9d0460 (jmp 0x89bb2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x9d01f0 (jmp 0x89bb10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x9d0350 (jmp 0x89bb1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x9d0220 (jmp 0x89bb21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x9d0450 (jmp 0x89bb29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x9d0230 (jmp 0x89bb1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x9d0250 (jmp 0x89bb1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x9d0310 (jmp 0x89bb25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x9d0400 (jmp 0x89bb1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x9d0390 (jmp 0x89bb2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x9d02d0 (jmp 0x89bb2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x9d0470 (jmp 0x89bb2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x9d0480 (jmp 0x89bb1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x9d02f0 (jmp 0x89bb1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x9d02c0 (jmp 0x89bb2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x9d02a0 (jmp 0x89bb1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x9d0210 (jmp 0x89bb1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x9d0280 (jmp 0x89bb1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x9d01d0 (jmp 0x89bb1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x9d02e0 (jmp 0x89bb1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x9d0430 (jmp 0x89bb1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x9d0380 (jmp 0x89bb2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x9d02b0 (jmp 0x89bb1920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x76f803b0 (jmp 0x162520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x76f80260 (jmp 0x161390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x76f80410 (jmp 0x161290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x76f80240 (jmp 0x1619e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x76f80200 (jmp 0x161150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x76f80460 (jmp 0x162800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x76f801f0 (jmp 0x1610d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x76f80350 (jmp 0x161a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x76f80220 (jmp 0x1621e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x76f80450 (jmp 0x1629f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x76f80230 (jmp 0x161d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x76f80250 (jmp 0x161390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x76f80400 (jmp 0x161f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x76f80210 (jmp 0x161070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x76f802e0 (jmp 0x161fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0xce0300 (jmp 0x89ec24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0xce03e0 (jmp 0x89ec2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0xce0440 (jmp 0x89ec2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0xce0360 (jmp 0x89ec2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0xce0370 (jmp 0x89ec19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0xce03a0 (jmp 0x89ec2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0xce03d0 (jmp 0x89ec2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0xce03c0 (jmp 0x89ec1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0xce03b0 (jmp 0x89ec2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0xce0420 (jmp 0x89ec1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0xce03f0 (jmp 0x89ec1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0xce0260 (jmp 0x89ec1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0xce0330 (jmp 0x89ec1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0xce0490 (jmp 0x89ec1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0xce0410 (jmp 0x89ec1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0xce0320 (jmp 0x89ec1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0xce01e0 (jmp 0x89ec1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0xce0340 (jmp 0x89ec2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0xce0240 (jmp 0x89ec19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0xce0290 (jmp 0x89ec1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0xce0200 (jmp 0x89ec1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0xce0460 (jmp 0x89ec2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0xce01f0 (jmp 0x89ec10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0xce0350 (jmp 0x89ec1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0xce0220 (jmp 0x89ec21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0xce0450 (jmp 0x89ec29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0xce0230 (jmp 0x89ec1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0xce0250 (jmp 0x89ec1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0xce0310 (jmp 0x89ec25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0xce0400 (jmp 0x89ec1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0xce0390 (jmp 0x89ec2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0xce02d0 (jmp 0x89ec2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0xce0470 (jmp 0x89ec2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0xce0480 (jmp 0x89ec1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0xce02f0 (jmp 0x89ec1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0xce02c0 (jmp 0x89ec2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0xce02a0 (jmp 0x89ec1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0xce0210 (jmp 0x89ec1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0xce0280 (jmp 0x89ec1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0xce01d0 (jmp 0x89ec1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0xce02e0 (jmp 0x89ec1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0xce0430 (jmp 0x89ec1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0xce0380 (jmp 0x89ec2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0xce02b0 (jmp 0x89ec1920|jmp 0xfffffd49|jmp 0x19b)
¤¤¤ Web browsers : 4 ¤¤¤
[FIREFX:Addon] vlz4iwuw.default : Avast Online Security [wrc@avast.com] -> Deleted
[FIREFX:Addon] vlz4iwuw.default : CinemaPlus-3.2cV18.10 [d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com] -> Deleted
[PUP][FIREFX:Addon] vlz4iwuw.default : Default SearchProtected [defsearchp@gmail.com] -> Deleted
[PUP][FIREFX:Addon] vlz4iwuw.default : deskCut [deskCutv2@gmail.com] -> Deleted
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 05b8ee1c75096f39d41f6b1bc3c962be
[BSP] 6ac3e874b01e3e47f2da1f8ddbc6b5d3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 670402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] e8e9646b0f0028740c6c9323b5b74231
[BSP] 5f1293a60a2171c776bf9958b0ae620d : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Filip [Administrator]
Started from : C:\Users\Filip\Downloads\RogueKillerX64 (1).exe
Mode : Delete -- Date : 11/17/2015 14:27:56
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562844430-573454042-539011846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 426 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x76f80270 (jmp 0x160ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x260300 (jmp 0x894424b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x2603e0 (jmp 0x89442500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x260440 (jmp 0x89442990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x260360 (jmp 0x89442750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x260370 (jmp 0x894419b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x2603a0 (jmp 0x89442650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x2603d0 (jmp 0x89442760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x2603c0 (jmp 0x89441f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x2603b0 (jmp 0x89442520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x260420 (jmp 0x89441290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x2603f0 (jmp 0x89441510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x260260 (jmp 0x89441390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x260330 (jmp 0x89441960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x260490 (jmp 0x89441bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x260410 (jmp 0x89441290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x260320 (jmp 0x89441ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x2601e0 (jmp 0x89441140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x260340 (jmp 0x89442020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x260240 (jmp 0x894419e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x260290 (jmp 0x89441950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x260200 (jmp 0x89441150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x260460 (jmp 0x89442800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x2601f0 (jmp 0x894410d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x260350 (jmp 0x89441a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x260220 (jmp 0x894421e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x260450 (jmp 0x894429f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x260230 (jmp 0x89441d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x260250 (jmp 0x89441390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x260310 (jmp 0x894425f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x260400 (jmp 0x89441f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x260390 (jmp 0x89442160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x2602d0 (jmp 0x89442520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x260470 (jmp 0x89442270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x260480 (jmp 0x89441bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x2602f0 (jmp 0x89441a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x2602c0 (jmp 0x89442490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x2602a0 (jmp 0x89441e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x260210 (jmp 0x89441070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x260280 (jmp 0x89441f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x2601d0 (jmp 0x89441a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x2602e0 (jmp 0x89441fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x260430 (jmp 0x89441770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x260380 (jmp 0x89442610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x2602b0 (jmp 0x89441920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0xb00300 (jmp 0x89ce24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0xb003e0 (jmp 0x89ce2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0xb00440 (jmp 0x89ce2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0xb00360 (jmp 0x89ce2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0xb00370 (jmp 0x89ce19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0xb003a0 (jmp 0x89ce2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0xb003d0 (jmp 0x89ce2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0xb003c0 (jmp 0x89ce1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0xb003b0 (jmp 0x89ce2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0xb00420 (jmp 0x89ce1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0xb003f0 (jmp 0x89ce1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0xb00260 (jmp 0x89ce1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0xb00330 (jmp 0x89ce1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0xb00490 (jmp 0x89ce1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0xb00410 (jmp 0x89ce1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0xb00320 (jmp 0x89ce1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0xb001e0 (jmp 0x89ce1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0xb00340 (jmp 0x89ce2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0xb00240 (jmp 0x89ce19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0xb00290 (jmp 0x89ce1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0xb00200 (jmp 0x89ce1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0xb00460 (jmp 0x89ce2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0xb001f0 (jmp 0x89ce10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0xb00350 (jmp 0x89ce1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0xb00220 (jmp 0x89ce21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0xb00450 (jmp 0x89ce29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0xb00230 (jmp 0x89ce1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0xb00250 (jmp 0x89ce1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0xb00310 (jmp 0x89ce25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0xb00400 (jmp 0x89ce1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0xb00390 (jmp 0x89ce2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0xb002d0 (jmp 0x89ce2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0xb00470 (jmp 0x89ce2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0xb00480 (jmp 0x89ce1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0xb002f0 (jmp 0x89ce1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0xb002c0 (jmp 0x89ce2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0xb002a0 (jmp 0x89ce1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0xb00210 (jmp 0x89ce1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0xb00280 (jmp 0x89ce1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0xb001d0 (jmp 0x89ce1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0xb002e0 (jmp 0x89ce1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0xb00430 (jmp 0x89ce1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0xb00380 (jmp 0x89ce2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0xb002b0 (jmp 0x89ce1920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x9b0300 (jmp 0x89b924b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x9b03e0 (jmp 0x89b92500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x9b0440 (jmp 0x89b92990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x9b0360 (jmp 0x89b92750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x9b0370 (jmp 0x89b919b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x9b03a0 (jmp 0x89b92650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x9b03d0 (jmp 0x89b92760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x9b03c0 (jmp 0x89b91f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x9b03b0 (jmp 0x89b92520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x9b0420 (jmp 0x89b91290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x9b03f0 (jmp 0x89b91510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x9b0260 (jmp 0x89b91390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x9b0330 (jmp 0x89b91960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x9b0490 (jmp 0x89b91bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x9b0410 (jmp 0x89b91290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x9b0320 (jmp 0x89b91ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x9b01e0 (jmp 0x89b91140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x9b0340 (jmp 0x89b92020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x9b0240 (jmp 0x89b919e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x9b0290 (jmp 0x89b91950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x9b0200 (jmp 0x89b91150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x9b0460 (jmp 0x89b92800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x9b01f0 (jmp 0x89b910d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x9b0350 (jmp 0x89b91a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x9b0220 (jmp 0x89b921e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x9b0450 (jmp 0x89b929f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x9b0230 (jmp 0x89b91d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x9b0250 (jmp 0x89b91390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x9b0310 (jmp 0x89b925f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x9b0400 (jmp 0x89b91f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x9b0390 (jmp 0x89b92160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x9b02d0 (jmp 0x89b92520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x9b0470 (jmp 0x89b92270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x9b0480 (jmp 0x89b91bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x9b02f0 (jmp 0x89b91a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x9b02c0 (jmp 0x89b92490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x9b02a0 (jmp 0x89b91e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x9b0210 (jmp 0x89b91070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x9b0280 (jmp 0x89b91f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x9b01d0 (jmp 0x89b91a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x9b02e0 (jmp 0x89b91fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x9b0430 (jmp 0x89b91770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x9b0380 (jmp 0x89b92610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x9b02b0 (jmp 0x89b91920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x76f803b0 (jmp 0x162520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x76f80260 (jmp 0x161390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x76f80410 (jmp 0x161290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x76f80240 (jmp 0x1619e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x76f80200 (jmp 0x161150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x76f80460 (jmp 0x162800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x76f801f0 (jmp 0x1610d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x76f80350 (jmp 0x161a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x76f80220 (jmp 0x1621e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x76f80450 (jmp 0x1629f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x76f80230 (jmp 0x161d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x76f80250 (jmp 0x161390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x76f80400 (jmp 0x161f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x76f80210 (jmp 0x161070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x76f802e0 (jmp 0x161fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x2c0300 (jmp 0x894a24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x2c03e0 (jmp 0x894a2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x2c0440 (jmp 0x894a2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x2c0360 (jmp 0x894a2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x2c0370 (jmp 0x894a19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x2c03a0 (jmp 0x894a2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x2c03d0 (jmp 0x894a2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x2c03c0 (jmp 0x894a1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x2c03b0 (jmp 0x894a2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x2c0420 (jmp 0x894a1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x2c03f0 (jmp 0x894a1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x2c0260 (jmp 0x894a1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x2c0330 (jmp 0x894a1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x2c0490 (jmp 0x894a1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x2c0410 (jmp 0x894a1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x2c0320 (jmp 0x894a1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x2c01e0 (jmp 0x894a1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x2c0340 (jmp 0x894a2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x2c0240 (jmp 0x894a19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x2c0290 (jmp 0x894a1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x2c0200 (jmp 0x894a1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x2c0460 (jmp 0x894a2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x2c01f0 (jmp 0x894a10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x2c0350 (jmp 0x894a1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x2c0220 (jmp 0x894a21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x2c0450 (jmp 0x894a29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x2c0230 (jmp 0x894a1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x2c0250 (jmp 0x894a1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x2c0310 (jmp 0x894a25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x2c0400 (jmp 0x894a1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x2c0390 (jmp 0x894a2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x2c02d0 (jmp 0x894a2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x2c0470 (jmp 0x894a2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x2c0480 (jmp 0x894a1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x2c02f0 (jmp 0x894a1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x2c02c0 (jmp 0x894a2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x2c02a0 (jmp 0x894a1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x2c0210 (jmp 0x894a1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x2c0280 (jmp 0x894a1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x2c01d0 (jmp 0x894a1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x2c02e0 (jmp 0x894a1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x2c0430 (jmp 0x894a1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x2c0380 (jmp 0x894a2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x2c02b0 (jmp 0x894a1920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x76f803b0 (jmp 0x162520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x76f80260 (jmp 0x161390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x76f80410 (jmp 0x161290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x76f80240 (jmp 0x1619e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x76f80200 (jmp 0x161150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x76f80460 (jmp 0x162800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x76f801f0 (jmp 0x1610d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x76f80350 (jmp 0x161a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x76f80220 (jmp 0x1621e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x76f80450 (jmp 0x1629f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x76f80230 (jmp 0x161d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x76f80250 (jmp 0x161390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x76f80400 (jmp 0x161f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x76f80210 (jmp 0x161070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x76f802e0 (jmp 0x161fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x9d0300 (jmp 0x89bb24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x9d03e0 (jmp 0x89bb2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x9d0440 (jmp 0x89bb2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x9d0360 (jmp 0x89bb2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x9d0370 (jmp 0x89bb19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x9d03a0 (jmp 0x89bb2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x9d03d0 (jmp 0x89bb2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x9d03c0 (jmp 0x89bb1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x9d03b0 (jmp 0x89bb2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x9d0420 (jmp 0x89bb1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x9d03f0 (jmp 0x89bb1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x9d0260 (jmp 0x89bb1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x9d0330 (jmp 0x89bb1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x9d0490 (jmp 0x89bb1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x9d0410 (jmp 0x89bb1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x9d0320 (jmp 0x89bb1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x9d01e0 (jmp 0x89bb1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x9d0340 (jmp 0x89bb2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x9d0240 (jmp 0x89bb19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x9d0290 (jmp 0x89bb1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x9d0200 (jmp 0x89bb1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x9d0460 (jmp 0x89bb2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x9d01f0 (jmp 0x89bb10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x9d0350 (jmp 0x89bb1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x9d0220 (jmp 0x89bb21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x9d0450 (jmp 0x89bb29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x9d0230 (jmp 0x89bb1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x9d0250 (jmp 0x89bb1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x9d0310 (jmp 0x89bb25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x9d0400 (jmp 0x89bb1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x9d0390 (jmp 0x89bb2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x9d02d0 (jmp 0x89bb2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x9d0470 (jmp 0x89bb2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x9d0480 (jmp 0x89bb1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x9d02f0 (jmp 0x89bb1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x9d02c0 (jmp 0x89bb2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x9d02a0 (jmp 0x89bb1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x9d0210 (jmp 0x89bb1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x9d0280 (jmp 0x89bb1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x9d01d0 (jmp 0x89bb1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x9d02e0 (jmp 0x89bb1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x9d0430 (jmp 0x89bb1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x9d0380 (jmp 0x89bb2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x9d02b0 (jmp 0x89bb1920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x76f80300 (jmp 0x1624b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x76f803e0 (jmp 0x162500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x76f80440 (jmp 0x162990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x76f80360 (jmp 0x162750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x76f80370 (jmp 0x1619b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f803a0 (jmp 0x162650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f803d0 (jmp 0x162760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f803c0 (jmp 0x161f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x76f803b0 (jmp 0x162520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x76f80420 (jmp 0x161290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x76f803f0 (jmp 0x161510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x76f80260 (jmp 0x161390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x76f80330 (jmp 0x161960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f80490 (jmp 0x161bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x76f80410 (jmp 0x161290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x76f80320 (jmp 0x161ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x76f801e0 (jmp 0x161140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f80340 (jmp 0x162020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x76f80240 (jmp 0x1619e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x76f80290 (jmp 0x161950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x76f80200 (jmp 0x161150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x76f80460 (jmp 0x162800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x76f801f0 (jmp 0x1610d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x76f80350 (jmp 0x161a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x76f80220 (jmp 0x1621e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x76f80450 (jmp 0x1629f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x76f80230 (jmp 0x161d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x76f80250 (jmp 0x161390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x76f80310 (jmp 0x1625f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x76f80400 (jmp 0x161f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f80390 (jmp 0x162160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x76f802d0 (jmp 0x162520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f80470 (jmp 0x162270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f80480 (jmp 0x161bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f802f0 (jmp 0x161a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x76f802c0 (jmp 0x162490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f802a0 (jmp 0x161e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x76f80210 (jmp 0x161070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x76f80280 (jmp 0x161f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x76f801d0 (jmp 0x161a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x76f802e0 (jmp 0x161fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f80430 (jmp 0x161770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f80380 (jmp 0x162610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f802b0 (jmp 0x161920|jmp 0xfffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0xce0300 (jmp 0x89ec24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0xce03e0 (jmp 0x89ec2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0xce0440 (jmp 0x89ec2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0xce0360 (jmp 0x89ec2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0xce0370 (jmp 0x89ec19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0xce03a0 (jmp 0x89ec2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0xce03d0 (jmp 0x89ec2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0xce03c0 (jmp 0x89ec1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0xce03b0 (jmp 0x89ec2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0xce0420 (jmp 0x89ec1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0xce03f0 (jmp 0x89ec1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0xce0260 (jmp 0x89ec1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0xce0330 (jmp 0x89ec1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0xce0490 (jmp 0x89ec1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0xce0410 (jmp 0x89ec1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0xce0320 (jmp 0x89ec1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0xce01e0 (jmp 0x89ec1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0xce0340 (jmp 0x89ec2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0xce0240 (jmp 0x89ec19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0xce0290 (jmp 0x89ec1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0xce0200 (jmp 0x89ec1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0xce0460 (jmp 0x89ec2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0xce01f0 (jmp 0x89ec10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0xce0350 (jmp 0x89ec1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0xce0220 (jmp 0x89ec21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0xce0450 (jmp 0x89ec29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0xce0230 (jmp 0x89ec1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0xce0250 (jmp 0x89ec1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0xce0310 (jmp 0x89ec25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0xce0400 (jmp 0x89ec1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0xce0390 (jmp 0x89ec2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0xce02d0 (jmp 0x89ec2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0xce0470 (jmp 0x89ec2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0xce0480 (jmp 0x89ec1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0xce02f0 (jmp 0x89ec1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0xce02c0 (jmp 0x89ec2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0xce02a0 (jmp 0x89ec1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0xce0210 (jmp 0x89ec1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0xce0280 (jmp 0x89ec1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0xce01d0 (jmp 0x89ec1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0xce02e0 (jmp 0x89ec1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0xce0430 (jmp 0x89ec1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0xce0380 (jmp 0x89ec2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0xce02b0 (jmp 0x89ec1920|jmp 0xfffffd49|jmp 0x19b)
¤¤¤ Web browsers : 4 ¤¤¤
[FIREFX:Addon] vlz4iwuw.default : Avast Online Security [wrc@avast.com] -> Deleted
[FIREFX:Addon] vlz4iwuw.default : CinemaPlus-3.2cV18.10 [d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com] -> Deleted
[PUP][FIREFX:Addon] vlz4iwuw.default : Default SearchProtected [defsearchp@gmail.com] -> Deleted
[PUP][FIREFX:Addon] vlz4iwuw.default : deskCut [deskCutv2@gmail.com] -> Deleted
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 05b8ee1c75096f39d41f6b1bc3c962be
[BSP] 6ac3e874b01e3e47f2da1f8ddbc6b5d3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 670402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] e8e9646b0f0028740c6c9323b5b74231
[BSP] 5f1293a60a2171c776bf9958b0ae620d : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
Zoek
Zoek.exe v5.0.0.1 Updated 16-November-2015
Tool run by Filip on Łt 17.11.2015 at 14:30:46,28.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Filip\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17.11.2015 14:33:07 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\GUMAEC5.tmp deleted successfully
C:\PROGRA~3\LenovoRIC deleted successfully
C:\Users\Filip\AppData\Roaming\Opera Software deleted successfully
C:\Users\Filip\AppData\Roaming\TP deleted successfully
C:\Users\Filip\AppData\Local\Intel Wireless Display deleted successfully
C:\Users\Filip\AppData\Local\Opera Software deleted successfully
C:\Users\Filip\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee SiteAdvisor Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McAfee SiteAdvisor Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default\prefs.js:
Added to C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\GUMAEC5.tmp not found
C:\PROGRA~3\OneKey Recovery deleted
C:\PROGRA~2\GUM22CB.tmp deleted
C:\PROGRA~2\Hotspot Shield deleted
C:\Users\Filip\AppData\Roaming\Hotspot Shield deleted
C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Filip\AppData\Local\cache deleted
C:\windows\sysWoW64\config\systemprofile\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted
C:\Users\Filip\Downloads\ReimageRepair (1).exe deleted
C:\Users\Filip\Downloads\ReimageRepair.exe deleted
C:\windows\Syswow64\Hotspot Shield deleted
C:\Users\Filip\Desktop\ikov\serv\Softonic.dat deleted
"C:\Users\Filip\AppData\Roaming\6v6aWVLlgUG61n7CTJHPsMoB55" deleted
"C:\windows\tasks\6v6aWVLlgUG61n7CTJHPsMoB55.job" deleted
"C:\Users\Filip\AppData\Roaming\gUcxGhYL2JSqI30wH" deleted
"C:\windows\tasks\gUcxGhYL2JSqI30wH.job" deleted
"C:\Users\Filip\AppData\Roaming\N7iKw185WkR5gLYjFhp4x6Zkkh" deleted
"C:\windows\tasks\N7iKw185WkR5gLYjFhp4x6Zkkh.job" deleted
"C:\Users\Filip\AppData\Roaming\qNe2u2YrIKW3OxNOdger6vIQzuN" deleted
"C:\windows\tasks\qNe2u2YrIKW3OxNOdger6vIQzuN.job" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.09.2015 11:08]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
egjenocndklfkoihpolcfmgcpfdlbdln - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[27.09.2015 13:11]
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[27.09.2015 11:08]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[27.09.2015 11:08]
Seznam Lištička - Email - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
avast EasyPass - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjenocndklfkoihpolcfmgcpfdlbdln
Avast SafePrice - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Seznam Lištička - Rychlá volba - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
==== Chromium Fix ======================
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.com-dailydeals.pubfit.com_0.localstorage deleted successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.com-dailydeals.pubfit.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
==== Reset Google Chrome ======================
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF338193b.TMP was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_5E4900BDB13E6DEAC464305022C4994E deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_6495E1029E6D15BFF636ECFC5D36A15E deleted successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Filip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=534 folders=76 79350839 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Filip\AppData\Local\Temp will be emptied at reboot
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Filip\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Łt 17.11.2015 at 15:00:29,98 ======================
Zoek.exe v5.0.0.1 Updated 16-November-2015
Tool run by Filip on Łt 17.11.2015 at 14:30:46,28.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Filip\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17.11.2015 14:33:07 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\GUMAEC5.tmp deleted successfully
C:\PROGRA~3\LenovoRIC deleted successfully
C:\Users\Filip\AppData\Roaming\Opera Software deleted successfully
C:\Users\Filip\AppData\Roaming\TP deleted successfully
C:\Users\Filip\AppData\Local\Intel Wireless Display deleted successfully
C:\Users\Filip\AppData\Local\Opera Software deleted successfully
C:\Users\Filip\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee SiteAdvisor Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McAfee SiteAdvisor Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default\prefs.js:
Added to C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\GUMAEC5.tmp not found
C:\PROGRA~3\OneKey Recovery deleted
C:\PROGRA~2\GUM22CB.tmp deleted
C:\PROGRA~2\Hotspot Shield deleted
C:\Users\Filip\AppData\Roaming\Hotspot Shield deleted
C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Filip\AppData\Local\cache deleted
C:\windows\sysWoW64\config\systemprofile\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted
C:\Users\Filip\Downloads\ReimageRepair (1).exe deleted
C:\Users\Filip\Downloads\ReimageRepair.exe deleted
C:\windows\Syswow64\Hotspot Shield deleted
C:\Users\Filip\Desktop\ikov\serv\Softonic.dat deleted
"C:\Users\Filip\AppData\Roaming\6v6aWVLlgUG61n7CTJHPsMoB55" deleted
"C:\windows\tasks\6v6aWVLlgUG61n7CTJHPsMoB55.job" deleted
"C:\Users\Filip\AppData\Roaming\gUcxGhYL2JSqI30wH" deleted
"C:\windows\tasks\gUcxGhYL2JSqI30wH.job" deleted
"C:\Users\Filip\AppData\Roaming\N7iKw185WkR5gLYjFhp4x6Zkkh" deleted
"C:\windows\tasks\N7iKw185WkR5gLYjFhp4x6Zkkh.job" deleted
"C:\Users\Filip\AppData\Roaming\qNe2u2YrIKW3OxNOdger6vIQzuN" deleted
"C:\windows\tasks\qNe2u2YrIKW3OxNOdger6vIQzuN.job" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.09.2015 11:08]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
egjenocndklfkoihpolcfmgcpfdlbdln - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[27.09.2015 13:11]
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[27.09.2015 11:08]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[27.09.2015 11:08]
Seznam Lištička - Email - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
avast EasyPass - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjenocndklfkoihpolcfmgcpfdlbdln
Avast SafePrice - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Seznam Lištička - Rychlá volba - Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
==== Chromium Fix ======================
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.com-dailydeals.pubfit.com_0.localstorage deleted successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.com-dailydeals.pubfit.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
==== Reset Google Chrome ======================
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF338193b.TMP was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_5E4900BDB13E6DEAC464305022C4994E deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_6495E1029E6D15BFF636ECFC5D36A15E deleted successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Filip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=534 folders=76 79350839 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Filip\AppData\Local\Temp will be emptied at reboot
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Filip\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Łt 17.11.2015 at 15:00:29,98 ======================
-
fulldragons
- Level 1.5
- Příspěvky: 100
- Registrován: listopad 14
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
combo fix
ComboFix 15-11-17.01 - Filip 17.11.2015 15:12:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4040.2277 [GMT 1:00]
Spuštěný z: c:\users\Filip\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Filip\WINDOWS
c:\users\Filip\WINDOWS\crc32.crc
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-17 do 2015-11-17 )))))))))))))))))))))))))))))))
.
.
2015-11-17 14:23 . 2015-11-17 14:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D213819F-A134-4FDB-AF2E-E9008D5AB8DC}\offreg.5500.dll
2015-11-17 14:22 . 2015-11-17 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-17 14:00 . 2015-11-17 14:00 -------- d-----w- c:\users\Filip\AppData\Local\VirtualStore
2015-11-17 13:55 . 2015-11-17 13:30 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-17 13:55 . 2015-11-17 14:22 -------- d-----w- c:\users\Filip\AppData\Local\Temp
2015-11-17 13:30 . 2015-11-17 13:51 -------- d-----w- C:\zoek_backup
2015-11-17 08:06 . 2015-11-17 08:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D213819F-A134-4FDB-AF2E-E9008D5AB8DC}\offreg.4796.dll
2015-11-16 13:20 . 2015-11-16 13:20 -------- d-----w- c:\users\Filip\AppData\Local\Apple Computer
2015-11-16 13:20 . 2015-11-16 13:22 -------- d-----w- c:\users\Filip\AppData\Roaming\Apple Computer
2015-11-16 13:16 . 2015-11-16 13:16 -------- d-----w- c:\program files (x86)\iTunes
2015-11-16 13:16 . 2015-11-16 13:16 -------- d-----w- c:\program files\iPod
2015-11-16 13:16 . 2015-11-16 13:19 -------- d-----w- c:\program files\iTunes
2015-11-16 13:16 . 2015-11-16 13:16 -------- d-----w- c:\programdata\Apple Computer
2015-11-16 13:13 . 2015-11-16 13:13 -------- d-----w- c:\users\Filip\AppData\Local\Apple
2015-11-16 13:13 . 2015-11-16 13:13 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-11-16 13:12 . 2015-11-16 13:12 -------- d-----w- c:\program files\Bonjour
2015-11-16 13:12 . 2015-11-16 13:12 -------- d-----w- c:\program files (x86)\Bonjour
2015-11-16 13:10 . 2015-11-16 13:16 -------- d-----w- c:\program files\Common Files\Apple
2015-11-16 13:08 . 2015-11-16 13:13 -------- d-----w- c:\programdata\Apple
2015-11-16 13:08 . 2015-11-16 13:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
2015-11-15 13:42 . 2015-11-17 12:51 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-15 13:42 . 2015-11-15 14:16 -------- d-----w- c:\programdata\RogueKiller
2015-11-14 19:11 . 2015-11-15 12:56 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-14 19:10 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-14 19:10 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-14 19:10 . 2015-11-14 19:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-14 19:10 . 2015-11-14 19:10 -------- d-----w- c:\programdata\Malwarebytes
2015-11-14 19:10 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-14 19:05 . 2015-11-15 12:08 -------- d-----w- C:\AdwCleaner
2015-11-14 18:55 . 2015-11-14 18:55 -------- d-----w- c:\users\Filip\AppData\Local\VS Revo Group
2015-11-14 18:55 . 2015-11-14 18:55 -------- d-----w- c:\programdata\VS Revo Group
2015-11-14 18:55 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-11-14 18:55 . 2015-11-14 18:55 -------- d-----w- c:\program files\VS Revo Group
2015-11-14 17:43 . 2015-11-14 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-14 17:40 . 2015-11-14 17:40 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-11-14 17:40 . 2015-10-21 17:10 110176 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2015-11-14 17:40 . 2015-11-14 17:40 -------- d-----w- c:\program files (x86)\Java
2015-11-14 02:07 . 2004-01-11 23:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2015-11-14 02:07 . 2003-03-19 02:14 499712 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2015-11-14 00:23 . 2015-11-17 10:44 -------- d-----w- C:\Simba
2015-11-13 21:52 . 2015-11-13 21:52 -------- d-----w- c:\users\Filip\AppData\Roaming\NVIDIA
2015-11-13 21:39 . 2015-11-13 21:39 -------- d-----w- c:\users\Filip\AppData\Local\NVIDIA Corporation
2015-11-13 21:39 . 2015-11-13 21:39 -------- d-----w- c:\users\Filip\AppData\Local\NVIDIA
2015-11-13 21:38 . 2015-11-05 17:13 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-11-13 21:38 . 2015-11-05 17:13 1710752 ----a-w- c:\windows\system32\nvspcap64.dll
2015-11-13 21:38 . 2015-11-05 17:13 1423304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-11-13 21:38 . 2015-11-05 17:13 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-11-13 21:32 . 2015-11-13 21:32 -------- d-----w- c:\windows\SysWow64\NV
2015-11-13 21:32 . 2015-11-13 21:32 -------- d-----w- c:\windows\system32\NV
2015-11-13 21:24 . 2015-11-13 21:24 -------- d-----w- C:\NVIDIA
2015-11-13 20:44 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2015-11-13 20:44 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2015-11-13 20:44 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2015-11-13 20:44 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2015-11-13 20:42 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2015-11-13 20:41 . 2007-03-12 15:42 4494184 ----a-w- c:\windows\system32\d3dx9_33.dll
2015-11-13 20:40 . 2006-03-31 11:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2015-11-13 19:19 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D213819F-A134-4FDB-AF2E-E9008D5AB8DC}\mpengine.dll
2015-11-12 06:31 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 05:34 . 2015-10-29 17:49 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-11-11 05:33 . 2015-11-03 22:10 814280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-11-11 05:30 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-11 05:29 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 05:29 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 05:12 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-25 13:10 . 2015-10-25 13:10 -------- d-----w- c:\users\Filip\AppData\Local\Dassault Systemes
2015-10-25 12:56 . 2015-10-25 13:10 -------- d-----w- c:\users\Filip\AppData\Roaming\DraftSight
2015-10-25 12:55 . 2015-10-25 12:55 -------- d-----w- c:\programdata\Dassault Systemes
2015-10-25 12:55 . 2015-10-25 12:55 -------- d-----w- c:\program files\Dassault Systemes
2015-10-23 15:46 . 2015-10-23 15:47 -------- d-----w- c:\users\Filip\RealityOSRS
2015-10-21 19:25 . 2015-10-21 19:25 -------- d-----w- c:\users\Filip\AppData\Local\Macromedia
2015-10-19 18:27 . 2015-11-13 16:48 12710 ----a-w- c:\windows\system32\Native.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 08:17 . 2015-09-27 11:56 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 08:17 . 2015-09-27 11:56 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-06 22:11 . 2015-09-27 10:09 449992 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-06 22:11 . 2015-09-27 10:09 1059656 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-11-05 17:13 . 2011-10-18 12:02 177600 ----a-w- c:\windows\system32\nvinitx.dll
2015-11-05 17:13 . 2011-10-18 12:02 155792 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-11-05 15:13 . 2011-05-02 19:35 6358648 ----a-w- c:\windows\system32\nvcpl.dll
2015-11-05 15:13 . 2011-05-02 19:35 2983032 ----a-w- c:\windows\system32\nvsvc64.dll
2015-11-05 15:13 . 2011-05-02 19:36 938616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-11-05 15:13 . 2011-05-02 19:36 114296 ----a-w- c:\windows\SysWow64\oemdspif.dll
2015-11-05 15:13 . 2011-05-02 19:36 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-11-05 15:13 . 2011-05-02 19:36 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-11-05 15:13 . 2011-05-02 19:36 74872 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-11-05 15:13 . 2011-05-02 19:36 523568 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-11-05 15:13 . 2011-05-02 19:36 2554488 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-29 17:50 . 2015-11-11 05:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 05:34 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 05:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 05:34 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:49 . 2015-11-11 05:34 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 05:34 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 05:34 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 05:34 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 05:34 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-28 07:42 . 2011-05-02 19:36 6027430 ----a-w- c:\windows\system32\nvcoproc.bin
2015-10-21 17:10 . 2015-09-27 21:28 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-10-20 01:05 . 2015-11-11 05:30 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 00:45 . 2015-11-11 05:30 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-11 05:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-01 18:06 . 2015-10-13 19:02 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-01 18:04 . 2015-10-13 19:02 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-01 18:00 . 2015-10-13 19:02 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 18:00 . 2015-10-13 19:02 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 18:00 . 2015-10-13 19:02 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 18:00 . 2015-10-13 19:02 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 18:00 . 2015-10-13 19:02 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 17:50 . 2015-10-13 19:02 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-01 17:00 . 2015-10-13 19:02 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-29 10:04 . 2015-09-29 10:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-09-29 10:04 . 2015-09-29 10:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-09-29 10:04 . 2015-09-29 10:04 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-09-29 10:04 . 2015-09-29 10:04 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-09-29 10:04 . 2015-09-29 10:04 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-09-29 10:04 . 2015-09-29 10:04 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-09-29 10:04 . 2015-09-29 10:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-09-29 10:04 . 2015-09-29 10:04 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-09-29 10:04 . 2015-09-29 10:04 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-09-29 10:04 . 2015-09-29 10:04 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-09-29 10:04 . 2015-09-29 10:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-09-29 10:04 . 2015-09-29 10:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-09-29 10:04 . 2015-09-29 10:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-09-29 10:04 . 2015-09-29 10:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-09-29 10:04 . 2015-09-29 10:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-09-29 10:04 . 2015-09-29 10:04 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-09-29 10:04 . 2015-09-29 10:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-09-29 10:04 . 2015-09-29 10:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-09-29 10:04 . 2015-09-29 10:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-09-29 10:04 . 2015-09-29 10:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-09-29 10:04 . 2015-09-29 10:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-09-29 10:04 . 2015-09-29 10:04 247808 ----a-w- c:\windows\system32\msls31.dll
2015-09-29 10:04 . 2015-09-29 10:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-09-29 10:04 . 2015-09-29 10:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-09-29 10:04 . 2015-09-29 10:04 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-09-29 10:04 . 2015-09-29 10:04 81408 ----a-w- c:\windows\system32\icardie.dll
2015-09-29 10:04 . 2015-09-29 10:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-09-29 10:04 . 2015-09-29 10:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-09-29 10:04 . 2015-09-29 10:04 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-09-29 10:04 . 2015-09-29 10:04 235520 ----a-w- c:\windows\system32\url.dll
2015-09-29 10:04 . 2015-09-29 10:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-09-29 10:04 . 2015-09-29 10:04 143872 ----a-w- c:\windows\system32\wextract.exe
2015-09-29 10:04 . 2015-09-29 10:04 13824 ----a-w- c:\windows\system32\mshta.exe
2015-09-29 10:04 . 2015-09-29 10:04 101376 ----a-w- c:\windows\system32\inseng.dll
2015-09-29 10:03 . 2015-09-29 10:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-09-29 10:03 . 2015-09-29 10:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-09-28 21:09 . 2015-09-28 21:09 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-09-28 21:09 . 2015-09-28 21:09 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-09-28 21:09 . 2015-09-28 21:09 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-09-28 21:09 . 2015-09-28 21:09 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-09-28 21:09 . 2015-09-28 21:09 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-09-28 21:09 . 2015-09-28 21:09 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-09-28 21:09 . 2015-09-28 21:09 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-09-28 21:09 . 2015-09-28 21:09 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-09-27 100200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-18 329056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-06 6133520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 596528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 myqityze;Right Button Cartridge; [x]
R2 zixusoju;Paper Tray Control Panel; [x]
R3 cpuz134;cpuz134;c:\users\Filip\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Filip\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
S2 LogiRegistryService;Logitech Gaming Registry Service;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys;c:\windows\SYSNATIVE\DRIVERS\jmccgp.sys [x]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys;c:\windows\SYSNATIVE\Drivers\jmcam.sys [x]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys;c:\windows\SYSNATIVE\Drivers\jmcam_lo.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-11 15:08 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-27 08:17]
.
2015-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 10:02]
.
2015-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 10:02]
.
2015-11-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4b63fc7f-ce21-444c-9705-1458e001ff02.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-11-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e7e0b488-e5e0-4919-8f13-1d5b76c4b7f9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-27 10:08 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-18 12:45 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-18 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-18 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-18 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-18 5908928]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-09-19 15003256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-01 453552]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-11-05 2655520]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-11-05 1710752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>;*.local
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Filip\AppData\Local\Akamai\netsession_win.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-11-17 15:26:58
ComboFix-quarantined-files.txt 2015-11-17 14:26
.
Před spuštěním: Volných bajtů: 591 583 240 192
Po spuštění: Volných bajtů: 591 173 140 480
.
- - End Of File - - 994735BD652BE11A2DD19C83AAF80F74
ComboFix 15-11-17.01 - Filip 17.11.2015 15:12:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4040.2277 [GMT 1:00]
Spuštěný z: c:\users\Filip\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Filip\WINDOWS
c:\users\Filip\WINDOWS\crc32.crc
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-17 do 2015-11-17 )))))))))))))))))))))))))))))))
.
.
2015-11-17 14:23 . 2015-11-17 14:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D213819F-A134-4FDB-AF2E-E9008D5AB8DC}\offreg.5500.dll
2015-11-17 14:22 . 2015-11-17 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-17 14:00 . 2015-11-17 14:00 -------- d-----w- c:\users\Filip\AppData\Local\VirtualStore
2015-11-17 13:55 . 2015-11-17 13:30 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-17 13:55 . 2015-11-17 14:22 -------- d-----w- c:\users\Filip\AppData\Local\Temp
2015-11-17 13:30 . 2015-11-17 13:51 -------- d-----w- C:\zoek_backup
2015-11-17 08:06 . 2015-11-17 08:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D213819F-A134-4FDB-AF2E-E9008D5AB8DC}\offreg.4796.dll
2015-11-16 13:20 . 2015-11-16 13:20 -------- d-----w- c:\users\Filip\AppData\Local\Apple Computer
2015-11-16 13:20 . 2015-11-16 13:22 -------- d-----w- c:\users\Filip\AppData\Roaming\Apple Computer
2015-11-16 13:16 . 2015-11-16 13:16 -------- d-----w- c:\program files (x86)\iTunes
2015-11-16 13:16 . 2015-11-16 13:16 -------- d-----w- c:\program files\iPod
2015-11-16 13:16 . 2015-11-16 13:19 -------- d-----w- c:\program files\iTunes
2015-11-16 13:16 . 2015-11-16 13:16 -------- d-----w- c:\programdata\Apple Computer
2015-11-16 13:13 . 2015-11-16 13:13 -------- d-----w- c:\users\Filip\AppData\Local\Apple
2015-11-16 13:13 . 2015-11-16 13:13 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-11-16 13:12 . 2015-11-16 13:12 -------- d-----w- c:\program files\Bonjour
2015-11-16 13:12 . 2015-11-16 13:12 -------- d-----w- c:\program files (x86)\Bonjour
2015-11-16 13:10 . 2015-11-16 13:16 -------- d-----w- c:\program files\Common Files\Apple
2015-11-16 13:08 . 2015-11-16 13:13 -------- d-----w- c:\programdata\Apple
2015-11-16 13:08 . 2015-11-16 13:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
2015-11-15 13:42 . 2015-11-17 12:51 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-15 13:42 . 2015-11-15 14:16 -------- d-----w- c:\programdata\RogueKiller
2015-11-14 19:11 . 2015-11-15 12:56 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-14 19:10 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-14 19:10 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-14 19:10 . 2015-11-14 19:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-14 19:10 . 2015-11-14 19:10 -------- d-----w- c:\programdata\Malwarebytes
2015-11-14 19:10 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-14 19:05 . 2015-11-15 12:08 -------- d-----w- C:\AdwCleaner
2015-11-14 18:55 . 2015-11-14 18:55 -------- d-----w- c:\users\Filip\AppData\Local\VS Revo Group
2015-11-14 18:55 . 2015-11-14 18:55 -------- d-----w- c:\programdata\VS Revo Group
2015-11-14 18:55 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-11-14 18:55 . 2015-11-14 18:55 -------- d-----w- c:\program files\VS Revo Group
2015-11-14 17:43 . 2015-11-14 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-14 17:40 . 2015-11-14 17:40 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-11-14 17:40 . 2015-10-21 17:10 110176 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2015-11-14 17:40 . 2015-11-14 17:40 -------- d-----w- c:\program files (x86)\Java
2015-11-14 02:07 . 2004-01-11 23:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2015-11-14 02:07 . 2003-03-19 02:14 499712 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2015-11-14 00:23 . 2015-11-17 10:44 -------- d-----w- C:\Simba
2015-11-13 21:52 . 2015-11-13 21:52 -------- d-----w- c:\users\Filip\AppData\Roaming\NVIDIA
2015-11-13 21:39 . 2015-11-13 21:39 -------- d-----w- c:\users\Filip\AppData\Local\NVIDIA Corporation
2015-11-13 21:39 . 2015-11-13 21:39 -------- d-----w- c:\users\Filip\AppData\Local\NVIDIA
2015-11-13 21:38 . 2015-11-05 17:13 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-11-13 21:38 . 2015-11-05 17:13 1710752 ----a-w- c:\windows\system32\nvspcap64.dll
2015-11-13 21:38 . 2015-11-05 17:13 1423304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-11-13 21:38 . 2015-11-05 17:13 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-11-13 21:32 . 2015-11-13 21:32 -------- d-----w- c:\windows\SysWow64\NV
2015-11-13 21:32 . 2015-11-13 21:32 -------- d-----w- c:\windows\system32\NV
2015-11-13 21:24 . 2015-11-13 21:24 -------- d-----w- C:\NVIDIA
2015-11-13 20:44 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2015-11-13 20:44 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2015-11-13 20:44 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2015-11-13 20:44 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2015-11-13 20:42 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2015-11-13 20:41 . 2007-03-12 15:42 4494184 ----a-w- c:\windows\system32\d3dx9_33.dll
2015-11-13 20:40 . 2006-03-31 11:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2015-11-13 19:19 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D213819F-A134-4FDB-AF2E-E9008D5AB8DC}\mpengine.dll
2015-11-12 06:31 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 05:34 . 2015-10-29 17:49 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-11-11 05:33 . 2015-11-03 22:10 814280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-11-11 05:30 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-11 05:29 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 05:29 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 05:12 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-25 13:10 . 2015-10-25 13:10 -------- d-----w- c:\users\Filip\AppData\Local\Dassault Systemes
2015-10-25 12:56 . 2015-10-25 13:10 -------- d-----w- c:\users\Filip\AppData\Roaming\DraftSight
2015-10-25 12:55 . 2015-10-25 12:55 -------- d-----w- c:\programdata\Dassault Systemes
2015-10-25 12:55 . 2015-10-25 12:55 -------- d-----w- c:\program files\Dassault Systemes
2015-10-23 15:46 . 2015-10-23 15:47 -------- d-----w- c:\users\Filip\RealityOSRS
2015-10-21 19:25 . 2015-10-21 19:25 -------- d-----w- c:\users\Filip\AppData\Local\Macromedia
2015-10-19 18:27 . 2015-11-13 16:48 12710 ----a-w- c:\windows\system32\Native.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 08:17 . 2015-09-27 11:56 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 08:17 . 2015-09-27 11:56 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-06 22:11 . 2015-09-27 10:09 449992 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-06 22:11 . 2015-09-27 10:09 1059656 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-11-05 17:13 . 2011-10-18 12:02 177600 ----a-w- c:\windows\system32\nvinitx.dll
2015-11-05 17:13 . 2011-10-18 12:02 155792 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-11-05 15:13 . 2011-05-02 19:35 6358648 ----a-w- c:\windows\system32\nvcpl.dll
2015-11-05 15:13 . 2011-05-02 19:35 2983032 ----a-w- c:\windows\system32\nvsvc64.dll
2015-11-05 15:13 . 2011-05-02 19:36 938616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-11-05 15:13 . 2011-05-02 19:36 114296 ----a-w- c:\windows\SysWow64\oemdspif.dll
2015-11-05 15:13 . 2011-05-02 19:36 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-11-05 15:13 . 2011-05-02 19:36 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-11-05 15:13 . 2011-05-02 19:36 74872 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-11-05 15:13 . 2011-05-02 19:36 523568 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-11-05 15:13 . 2011-05-02 19:36 2554488 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-29 17:50 . 2015-11-11 05:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 05:34 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 05:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 05:34 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:49 . 2015-11-11 05:34 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 05:34 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 05:34 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 05:34 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 05:34 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-28 07:42 . 2011-05-02 19:36 6027430 ----a-w- c:\windows\system32\nvcoproc.bin
2015-10-21 17:10 . 2015-09-27 21:28 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-10-20 01:05 . 2015-11-11 05:30 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 00:45 . 2015-11-11 05:30 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-11 05:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-01 18:06 . 2015-10-13 19:02 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-01 18:04 . 2015-10-13 19:02 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-01 18:00 . 2015-10-13 19:02 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 18:00 . 2015-10-13 19:02 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 18:00 . 2015-10-13 19:02 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 18:00 . 2015-10-13 19:02 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 18:00 . 2015-10-13 19:02 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 17:50 . 2015-10-13 19:02 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-01 17:00 . 2015-10-13 19:02 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-29 10:04 . 2015-09-29 10:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-09-29 10:04 . 2015-09-29 10:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-09-29 10:04 . 2015-09-29 10:04 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-09-29 10:04 . 2015-09-29 10:04 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-09-29 10:04 . 2015-09-29 10:04 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-09-29 10:04 . 2015-09-29 10:04 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-09-29 10:04 . 2015-09-29 10:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-09-29 10:04 . 2015-09-29 10:04 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-09-29 10:04 . 2015-09-29 10:04 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-09-29 10:04 . 2015-09-29 10:04 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-09-29 10:04 . 2015-09-29 10:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-09-29 10:04 . 2015-09-29 10:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-09-29 10:04 . 2015-09-29 10:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-09-29 10:04 . 2015-09-29 10:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-09-29 10:04 . 2015-09-29 10:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-09-29 10:04 . 2015-09-29 10:04 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-09-29 10:04 . 2015-09-29 10:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-09-29 10:04 . 2015-09-29 10:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-09-29 10:04 . 2015-09-29 10:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-09-29 10:04 . 2015-09-29 10:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-09-29 10:04 . 2015-09-29 10:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-09-29 10:04 . 2015-09-29 10:04 247808 ----a-w- c:\windows\system32\msls31.dll
2015-09-29 10:04 . 2015-09-29 10:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-09-29 10:04 . 2015-09-29 10:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-09-29 10:04 . 2015-09-29 10:04 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-09-29 10:04 . 2015-09-29 10:04 81408 ----a-w- c:\windows\system32\icardie.dll
2015-09-29 10:04 . 2015-09-29 10:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-09-29 10:04 . 2015-09-29 10:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-09-29 10:04 . 2015-09-29 10:04 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-09-29 10:04 . 2015-09-29 10:04 235520 ----a-w- c:\windows\system32\url.dll
2015-09-29 10:04 . 2015-09-29 10:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-09-29 10:04 . 2015-09-29 10:04 143872 ----a-w- c:\windows\system32\wextract.exe
2015-09-29 10:04 . 2015-09-29 10:04 13824 ----a-w- c:\windows\system32\mshta.exe
2015-09-29 10:04 . 2015-09-29 10:04 101376 ----a-w- c:\windows\system32\inseng.dll
2015-09-29 10:03 . 2015-09-29 10:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-09-29 10:03 . 2015-09-29 10:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-09-28 21:09 . 2015-09-28 21:09 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-09-28 21:09 . 2015-09-28 21:09 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-28 21:09 . 2015-09-28 21:09 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-09-28 21:09 . 2015-09-28 21:09 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-09-28 21:09 . 2015-09-28 21:09 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-09-28 21:09 . 2015-09-28 21:09 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-09-28 21:09 . 2015-09-28 21:09 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-09-28 21:09 . 2015-09-28 21:09 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-09-28 21:09 . 2015-09-28 21:09 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-09-27 100200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-18 329056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-06 6133520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 596528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 myqityze;Right Button Cartridge; [x]
R2 zixusoju;Paper Tray Control Panel; [x]
R3 cpuz134;cpuz134;c:\users\Filip\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Filip\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
S2 LogiRegistryService;Logitech Gaming Registry Service;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys;c:\windows\SYSNATIVE\DRIVERS\jmccgp.sys [x]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys;c:\windows\SYSNATIVE\Drivers\jmcam.sys [x]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys;c:\windows\SYSNATIVE\Drivers\jmcam_lo.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-11 15:08 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-27 08:17]
.
2015-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 10:02]
.
2015-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 10:02]
.
2015-11-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4b63fc7f-ce21-444c-9705-1458e001ff02.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-11-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e7e0b488-e5e0-4919-8f13-1d5b76c4b7f9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-27 10:08 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-18 12:45 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-18 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-18 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-18 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-18 5908928]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-09-19 15003256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-01 453552]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-11-05 2655520]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-11-05 1710752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>;*.local
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\vlz4iwuw.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Filip\AppData\Local\Akamai\netsession_win.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-11-17 15:26:58
ComboFix-quarantined-files.txt 2015-11-17 14:26
.
Před spuštěním: Volných bajtů: 591 583 240 192
Po spuštění: Volných bajtů: 591 173 140 480
.
- - End Of File - - 994735BD652BE11A2DD19C83AAF80F74
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\windows\system32\Native.exe
c:\windows\system32\drivers\winioex.sys
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Nebo na:
http://www.virscan.org/
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Kód: Vybrat vše
ClearJavaCache::
KillAll::
File::
c:\users\Filip\AppData\Local\Temp\cpuz134\cpuz134_x64.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files (x86)\Google\Update
Driver::
myqityze
zixusoju
cpuz134
DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>;*.local
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\windows\system32\Native.exe
c:\windows\system32\drivers\winioex.sys
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Nebo na:
http://www.virscan.org/
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 77 hostů