| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Webseiten werden auf andere Seiten umgeleitet.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.10.2013, 20:42
| #1 |
 |  Windows 7: Webseiten werden auf andere Seiten umgeleitet. Hallo, seid heute habe ich das Problem das wenn ich Google.de benutze ich auf falsche Seiten gelenkt werde die immer Variieren, wenn ich den Link aber mehrmals bestätige klappt es dann. Ich hab gegooglet und diverse Tips gelesen, Programme wie SuperAntiSpyware, HijackThis, Emisoft und SmartPcFixer habe ich benutzt... ohne erfolg. Das Antivirus Programm Avant schlug mehrmals an, ich habe es aber nun gelöscht da ich AntiVir draufhabe und sich da vielleicht auch irgendwas nicht verträgt. Bevor ich noch die falsche Datei mit HiJack lösche und noch mehr Programme installiere bitte ich um eure Hilfe denn langsam verzweifle ich. Firefox, Java, AdobeReader habe ich bereits so gelöscht. Weil Google Chrome meckerte das ich wohl Opfer eines Hackers bin löschte ich es ebenfalls. Über den IE und nach Nutzung divereser Programme kann ich über den IE normal Surfen, diverse Programme sagen mir aber immer noch das Malware vorhanden ist. Defogger habe ich Installiert und benutzt wie in der Beschreibung, ging alles glatt. Farbar wurde ebenfalls installiert und benutzt. Sämtliche Log Dateien sind im Anhang gepackt da zu groß. Mit freundliche Grüßen Patrik Edit: Laut dem Online Bitdefender habe ich den Trj. Variant.Kazy 258432 (B) drauf. Laut Emisoft habe ich noch diverse andere "freunde" auf dem Rechner, sobald der Scan abgeschlossen ist, schick ich den Log. Geändert von CreasyX (01.10.2013 um 21:19 Uhr) |
|
01.10.2013, 20:45
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Webseiten werden auf andere Seiten umgeleitet. Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
01.10.2013, 20:57
| #3 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by Creasy at 2013-10-01 21:10:09
Running from C:\Users\Creasy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}
==================== Installed Programs ======================
µTorrent (x32 Version: 3.3.0.29625)
3DMark 11 (x32 Version: 1.0.1)
64 Bit HP CIO Components Installer (Version: 7.2.8)
AC3Filter 1.63b (x32 Version: 1.63b)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Photoshop CS5 (x32 Version: 12.0)
Age of Empires® III: Complete Collection (x32)
Alan Wake (x32)
Alan Wake's American Nightmare (x32)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD USB Filter Driver (x32 Version: 1.0.11.86)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
ATI Catalyst Registration (x32 Version: 3.00.0000)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Batman: Arkham Asylum GOTY Edition (x32)
Batman: Arkham City GOTY (x32)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
BufferChm (x32 Version: 130.0.331.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.02)
Command & Conquer 3 (x32 Version: 1.00.0000)
COMODO Internet Security (Version: 5.8.15089.2124)
Copy (x32 Version: 130.0.366.000)
Creative ALchemy (x32 Version: 1.41)
Creative Audio-Systemsteuerung (x32 Version: 2.56)
Creative MediaSource 5 (x32 Version: 5.26)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Sound Blaster Properties x64 Edition (x32)
Creative WaveStudio 7 (x32 Version: 7.12)
Crysis Wars(R) (x32 Version: 1.0)
Crysis Wars(R) (x32)
Crysis® 2 (x32 Version: 1.0.0.0)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
Dark Messiah of Might & Magic Single Player (x32)
Dead Space™ 2 (x32 Version: 1.0.941.0)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.372.000)
Diablo III (x32 Version: 1.0.8.16603)
Die Sims™ 3 (x32 Version: 1.57.62)
Die Sims™ 3 Supernatural (x32 Version: 15.0.135)
Die Sims™ 3 Traumsuite-Accessoires (x32 Version: 11.0.84)
DivX-Setup (x32 Version: 2.1.2.2)
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000)
Dota 2 (x32)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
Edna Bricht Aus - Sammler Edition (x32 Version: 1.1)
Empire: Total War (x32)
Emsisoft Anti-Malware (x32 Version: 8.1)
eReg (x32 Version: 1.20.138.34)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
F2400 (x32 Version: 130.0.373.000)
FIFA 12 DEMO (x32 Version: 1.0.0.0)
FIFA 13 (x32 Version: 1.1.0.0)
Free YouTube to MP3 Converter version 3.12.7.711 (x32 Version: 3.12.7.711)
Futuremark SystemInfo (x32 Version: 4.0.0.0)
GIMP 2.6.8
Google Chrome (x32 Version: 30.0.1599.66)
Google Update Helper (x32 Version: 1.3.21.153)
Gothic 3 (x32)
GPBaseService2 (x32 Version: 130.0.371.000)
Grand Theft Auto IV (x32 Version: 1.0.0013.131)
GRID (x32 Version: 1.30.0000)
GTA2 (x32 Version: 1.00.001)
Guild Wars 2 (x32)
Heroes II Gold (x32)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.003.001.001)
HPPhotoGadget (x32 Version: 130.0.282.000)
hpPrintProjects (x32 Version: 130.0.303.000)
HPProductAssistant (x32 Version: 130.0.371.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
IrfanView (remove only) (x32 Version: 4.28)
Jagged Alliance Online - Steam Edition (x32)
K-Lite Codec Pack 8.9.5 (Basic) (x32 Version: 8.9.5)
League of Legends (x32 Version: 1.02.0000)
LibUSB-Win32-0.1.10.1 (x32 Version: 0.1.10.1)
Logitech G11 Keyboard Software 1.03 (Version: 1.3.166.0)
Logitech SetPoint 6.32 (Version: 6.32.20)
Logitech Vid (x32 Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software-Treiberpaket (Version: 12.10.1110)
MarketResearch (x32 Version: 130.0.374.000)
Mass Effect 2 (x32 Version: 1.02)
Max Payne 3 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Might & Magic Heroes VI (x32 Version: 1.1)
Mirror's Edge™ (x32 Version: 1.0.1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPC Backup (Version: )
NVIDIA PhysX (x32 Version: 9.10.0513)
OpenAL (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 8.5.0.4554)
Pando Media Booster (x32 Version: 2.6.0.6)
PDF Settings CS5 (x32 Version: 10.0)
PDFCreator (x32 Version: 1.2.0)
Portal 2 (x32)
PreisHai 4.2 (x32)
PunkBuster Services (x32 Version: 0.991)
Quake Live Mozilla Plugin (x32 Version: 1.0.491)
Rapture3D 2.4.4 Game (x32)
Rockstar Games Social Club (x32 Version: 1.1.0.6)
S.T.A.L.K.E.R.: Shadow of Chernobyl (x32)
Scan (x32 Version: 13.0.0.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartPCFixer 4.2 (Version: 4.2)
SmartWebPrinting (x32 Version: 130.0.373.000)
SolutionCenter (x32 Version: 130.0.373.000)
Source SDK Base 2007 (x32)
StarCraft II (x32 Version: 2.0.11.26825)
Status (x32 Version: 130.0.373.000)
SUPERAntiSpyware (Version: 5.6.1032)
Team Fortress 2 (x32)
TeamSpeak 3 Client
The Secret of Monkey Island: Special Edition (x32)
The Walking Dead (x32)
The Whispered World (x32 Version: 1.01)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Turbo Lister 2 (x32 Version: 2.00.0000)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VC 9.0 Runtime (x32 Version: 1.0.0)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
WebReg (x32 Version: 130.0.132.017)
WinAce Archiver (x32 Version: 2.69)
Winamp (x32 Version: 5.64 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR (x32)
==================== Restore Points =========================
01-10-2013 16:43:01 Removed Java(TM) 7 Update 2 (64-bit)
01-10-2013 16:45:33 Removed Adobe Community Help
01-10-2013 16:47:14 Removed Adobe Reader X (10.1.0) - Deutsch.
01-10-2013 16:52:37 Removed DHTML Editing Component
01-10-2013 17:26:08 RegClean Pro Di, Okt 01, 13 19:26
01-10-2013 18:27:26 avast! Free Antivirus Setup
01-10-2013 19:06:43 avast! Free Antivirus Setup
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2340CD26-A3E4-408C-AA26-D39FBE92679B} - System32\Tasks\{492E83D8-0ACE-4AD5-921C-FD2978A6CBAD} => J:\KKND\KKND.EXE
Task: {2A6334BA-85F8-4F9C-BB89-8A63126F9696} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-12] (Microsoft Corporation)
Task: {415545B4-18AD-4DB3-B2B4-C44D7AF21374} - System32\Tasks\{FB88E9F9-94EC-45C0-B7F0-8F8C2511BC1F} => D:\heroes2\_SETUP\SETUP.EXE [1996-07-24] (InstallShield Corporation, Inc.)
Task: {445C49FF-F6C1-4D03-8BC4-A7F118898E52} - System32\Tasks\{639518CD-AC02-4BAD-9DDA-8184B4F74A51} => E:\HEROES2\HEROES2W.EXE
Task: {49865E9A-4BFA-470C-8535-30BF53701C21} - System32\Tasks\{97643D36-3A11-4EE3-83DC-9F756B443972} => J:\CURSE.EXE
Task: {557C0261-8210-42CA-8AE5-860F67011E44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)
Task: {64969A51-E329-4E7A-B2A9-FD850FAC98A3} - System32\Tasks\{CA501F87-B556-470F-9AEA-3146CAE9F64E} => J:\INSTALL\SETUP.EXE
Task: {6DD8B9F3-B439-4D27-AF7A-BC9F07C593EF} - System32\Tasks\{0DCE99BE-C9B5-43DF-B82A-C59E29256266} => E:\HEROES2\HEROES2W.EXE
Task: {81B7AF7A-6D7C-4B63-9F82-3F051CB159AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-01] (Adobe Systems Incorporated)
Task: {880449EA-6E6D-4442-A14B-29EDAFA23D67} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4122193455-877732363-3804409959-1001Core => C:\Users\Creasy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {9E1CDEE5-AA95-4457-AA4C-A0251524F5AE} - System32\Tasks\SUPERAntiSpyware Scheduled Task b3ace070-2e86-4407-a777-76d027dc7cfb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {AB37E27C-038C-45D4-95D6-9F7E50D168C9} - System32\Tasks\{BC7463DD-3761-4BA1-8269-508C0C380B72} => J:\INSTALL\SETUP.EXE
Task: {B38F33D8-F34A-43D3-989D-A15372B5A2AE} - System32\Tasks\SUPERAntiSpyware Scheduled Task ae0fb185-46a9-4c3f-bb34-9f91b59439c3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {BEAF705D-9E91-4F0E-A201-124761BD1DED} - System32\Tasks\{8C430968-EA42-46AF-ACEC-27711D2A6147} => J:\INSTALL\SETUP.EXE
Task: {DE9EBE2C-08A3-447B-983F-96134EE453FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)
Task: {DFC22EB5-73C1-43A1-B703-594ECDE80D22} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4122193455-877732363-3804409959-1001UA => C:\Users\Creasy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {ED222DEB-2C85-4048-8360-86703423E179} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {F06FE0A6-EC06-42E6-8C8E-E931954A141E} - System32\Tasks\{F424D661-F92A-42C0-AE0E-6C216DA524D4} => D:\heroes2\_SETUP\SETUP.EXE [1996-07-24] (InstallShield Corporation, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4122193455-877732363-3804409959-1001Core.job => C:\Users\Creasy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4122193455-877732363-3804409959-1001UA.job => C:\Users\Creasy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ae0fb185-46a9-4c3f-bb34-9f91b59439c3.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3ace070-2e86-4407-a777-76d027dc7cfb.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Loaded Modules (whitelisted) =============
2011-06-23 23:26 - 2010-11-20 15:27 - 00326144 _____ () C:\Windows\system32\mswsock.dll
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-19 16:36 - 2013-08-19 16:35 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 16:35 - 2009-07-16 16:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00199952 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 16:35 - 2009-07-16 16:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
2009-07-16 16:35 - 2009-07-16 16:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
2009-07-16 16:36 - 2009-07-16 16:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 16:36 - 2009-07-16 16:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 16:36 - 2009-07-16 16:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2009-10-14 14:36 - 2009-10-14 14:36 - 00181592 _____ () C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
2013-10-01 20:43 - 2012-04-27 16:08 - 00093040 _____ () C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\BDMetrics.dll
2013-10-01 20:28 - 2013-08-30 09:47 - 00240448 ____N () C:\Program Files\AVAST Software\Avast\Setup\setiface.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => ""="Service"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/01/2013 08:42:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x750bc9f5
ID des fehlerhaften Prozesses: 0x1ba4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (10/01/2013 08:38:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x750bc9f5
ID des fehlerhaften Prozesses: 0x1240
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (10/01/2013 09:04:17 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (10/01/2013 09:02:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/01/2013 09:02:48 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AeLookupSvc erreicht.
Error: (10/01/2013 09:01:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (10/01/2013 09:01:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LibUsb-Win32 - Daemon, Version 0.1.10.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/01/2013 09:01:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (10/01/2013 09:00:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Error: (10/01/2013 09:00:08 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\libusb0.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (10/01/2013 08:03:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (10/01/2013 08:03:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LibUsb-Win32 - Daemon, Version 0.1.10.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (10/01/2013 08:42:33 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005750bc9f51ba401cebed5fd9b2a26C:\Windows\SysWOW64\svchost.exeunknown3ba9952e-2ac9-11e3-922f-00241ddaffa5
Error: (10/01/2013 08:38:27 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005750bc9f5124001cebed5660d525fC:\Windows\SysWOW64\svchost.exeunknowna8b46991-2ac8-11e3-922f-00241ddaffa5
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/01/2013 06:03:23 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (10/01/2013 06:03:21 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
CodeIntegrity Errors:
===================================
Date: 2011-12-18 19:57:21.505
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Creasy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-12-18 19:57:21.455
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Creasy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-12-18 19:57:20.492
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-12-18 19:57:20.446
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-11-23 17:15:33.736
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-23 16:46:47.351
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-23 16:37:27.559
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-23 15:12:44.222
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-23 14:13:38.290
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-23 13:13:36.748
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 4094.49 MB
Available physical RAM: 2130.5 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 5291.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:87.89 GB) (Free:15.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Spiele) (Fixed) (Total:95.79 GB) (Free:31.47 GB) NTFS
Drive e: (Spiele und Downloads) (Fixed) (Total:95.79 GB) (Free:50.93 GB) NTFS
Drive f: (Volume) (Fixed) (Total:1863.01 GB) (Free:1360.62 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 92385246)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=88 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Creasy (administrator) on CREASY-PC on 01-10-2013 21:09:27
Running from C:\Users\Creasy\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Emsisoft GmbH) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2wizard.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswRunDll.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
MountPoints2: J - J:\AUTOSTARTER.EXE
MountPoints2: {04f986f9-132e-11e0-94a5-00241ddaffa5} - H:\autorun.exe
MountPoints2: {2783a76c-1ba1-11e2-b305-00241ddaffa5} - G:\_AUTORUN\AUTORUN.EXE
MountPoints2: {591dcae0-308d-11e1-b129-00241ddaffa5} - H:\autorun.exe -auto
MountPoints2: {b11f76fc-11b6-11e0-a53e-806e6f6e6963} - F:\Autorun.exe
MountPoints2: {c152539a-247e-11e0-9055-00241ddaffa5} - G:\setup.exe
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-09-30] (Emsisoft GmbH)
AppInit_DLLs: C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x699374FDC5A5CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Creasy\AppData\Roaming\Mozilla\Firefox\Profiles\o7f062yg.default
FF SearchEngineOrder.3: Bing
FF Homepage: google.de
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071413&q=
FF NetworkProxy: "ftp", "109.207.61.212"
FF NetworkProxy: "ftp_port", 8090
FF NetworkProxy: "http", "109.207.61.212"
FF NetworkProxy: "http_port", 8090
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "109.207.61.212"
FF NetworkProxy: "socks_port", 8090
FF NetworkProxy: "ssl", "109.207.61.212"
FF NetworkProxy: "ssl_port", 8090
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Creasy\AppData\Roaming\Mozilla\Firefox\Profiles\o7f062yg.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Creasy\AppData\Roaming\Mozilla\Firefox\Profiles\o7f062yg.default\searchplugins\conduit.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Creasy\AppData\Roaming\Mozilla\Firefox\Profiles\o7f062yg.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: stealthyextension - C:\Users\Creasy\AppData\Roaming\Mozilla\Firefox\Profiles\o7f062yg.default\Extensions\stealthyextension@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Creasy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Creasy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Creasy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Creasy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Creasy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Creasy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4153784 2013-09-30] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
S2 libusbd; C:\Windows\SysWow64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net)
S4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-14] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\???\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-07-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-19] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-08-19] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-08-19] (Emsisoft GmbH)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-22] (DT Soft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-07-23] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-29] (Duplex Secure Ltd.)
S3 cpuz130; \??\C:\Users\Creasy\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 libusb0; system32\drivers\libusb0.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-01 21:09 - 2013-10-01 21:09 - 00000000 ____D C:\FRST
2013-10-01 21:08 - 2013-10-01 21:09 - 01953880 _____ (Farbar) C:\Users\Creasy\Desktop\FRST64.exe
2013-10-01 20:57 - 2013-10-01 20:58 - 00000600 _____ C:\Users\Creasy\Desktop\defogger_disable.log
2013-10-01 20:57 - 2013-10-01 20:57 - 00050477 _____ C:\Users\Creasy\Desktop\Defogger.exe
2013-10-01 20:57 - 2013-10-01 20:57 - 00000020 _____ C:\Users\Creasy\defogger_reenable
2013-10-01 20:43 - 2013-10-01 20:43 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-01 20:40 - 2013-10-01 20:40 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\QuickScan
2013-10-01 20:38 - 2013-10-01 20:39 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-01 20:28 - 2013-10-01 20:28 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-01 20:28 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-01 20:27 - 2013-10-01 20:27 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-01 20:27 - 2013-10-01 20:27 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-01 20:22 - 2013-10-01 21:03 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-10-01 20:22 - 2013-10-01 20:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 20:22 - 2013-10-01 20:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-01 20:22 - 2013-10-01 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 20:22 - 2013-10-01 20:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-01 20:22 - 2013-10-01 20:22 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-10-01 20:22 - 2013-10-01 20:22 - 00000000 ____D C:\Users\Creasy\Documents\Anti-Malware
2013-10-01 20:12 - 2013-10-01 20:12 - 00000820 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2013-10-01 20:11 - 2013-10-01 20:12 - 00000000 ____D C:\Program Files\SmartPCFixer
2013-10-01 20:07 - 2013-10-01 20:07 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-01 19:34 - 2013-10-01 19:34 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\SUPERAntiSpyware.com
2013-10-01 19:28 - 2013-10-01 19:48 - 00002208 _____ C:\Windows\system32\ASOROSet.bin
2013-10-01 19:28 - 2013-10-01 19:28 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-10-01 19:24 - 2013-10-01 19:24 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\Avira
2013-10-01 19:23 - 2013-10-01 19:50 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-01 19:23 - 2013-10-01 19:28 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Systweak
2013-10-01 19:23 - 2013-10-01 19:23 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.1428.dll
2013-10-01 19:23 - 2013-10-01 19:23 - 00001087 _____ C:\Users\Creasy\Desktop\MyPC Backup.lnk
2013-10-01 19:23 - 2013-10-01 19:23 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-01 19:23 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-10-01 19:19 - 2013-10-01 19:19 - 00064536 _____ C:\Users\CreasyX\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-01 19:19 - 2013-10-01 19:19 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\ATI
2013-10-01 19:19 - 2013-10-01 19:19 - 00000000 ____D C:\Users\CreasyX\AppData\Local\ATI
2013-10-01 19:19 - 2013-10-01 19:19 - 00000000 ____D C:\Users\CreasyX\AppData\Local\AMD
2013-10-01 19:18 - 2013-10-01 19:18 - 00001381 _____ C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ___RD C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ___RD C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\Logitech
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\Adobe
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Local\VirtualStore
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Local\Logitech
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Local\Adobe
2013-10-01 19:17 - 2013-10-01 20:26 - 00000000 ____D C:\Users\CreasyX
2013-10-01 19:17 - 2013-10-01 19:17 - 00000020 ___SH C:\Users\CreasyX\ntuser.ini
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Vorlagen
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Startmenü
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Netzwerkumgebung
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Lokale Einstellungen
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Eigene Dateien
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Druckumgebung
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Documents\Eigene Musik
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Documents\Eigene Bilder
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\AppData\Local\Verlauf
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\AppData\Local\Anwendungsdaten
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Anwendungsdaten
2013-10-01 19:17 - 2011-02-08 18:29 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\Macromedia
2013-10-01 19:17 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-01 19:17 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-01 18:41 - 2013-10-01 20:02 - 00000000 ____D C:\Users\Creasy\Desktop\backups
2013-10-01 18:35 - 2013-10-01 20:00 - 00008987 _____ C:\Users\Creasy\Desktop\hijackthis.log
2013-10-01 18:34 - 2013-10-01 18:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\Creasy\Desktop\HijackThis.exe
2013-10-01 18:23 - 2013-10-01 19:17 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3ace070-2e86-4407-a777-76d027dc7cfb.job
2013-10-01 18:23 - 2013-10-01 19:17 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ae0fb185-46a9-4c3f-bb34-9f91b59439c3.job
2013-10-01 18:23 - 2013-10-01 18:23 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b3ace070-2e86-4407-a777-76d027dc7cfb
2013-10-01 18:23 - 2013-10-01 18:23 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ae0fb185-46a9-4c3f-bb34-9f91b59439c3
2013-10-01 18:23 - 2013-10-01 18:23 - 00001768 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-01 18:23 - 2013-10-01 18:23 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\SUPERAntiSpyware.com
2013-10-01 18:23 - 2013-10-01 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-01 18:23 - 2013-10-01 18:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-01 18:21 - 2013-10-01 18:21 - 00377856 _____ C:\Users\Creasy\Desktop\gmer_2.1.19163.exe
2013-10-01 18:05 - 2013-10-01 18:05 - 00064536 _____ C:\Users\Creasy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-01 18:02 - 2013-10-01 21:00 - 00007920 _____ C:\Windows\PFRO.log
2013-10-01 18:02 - 2013-10-01 21:00 - 00000280 _____ C:\Windows\setupact.log
2013-10-01 18:02 - 2013-10-01 18:03 - 04854640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-01 18:02 - 2013-10-01 18:02 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 16:16 - 2013-10-01 16:21 - 00000000 __SHD C:\Users\Creasy\lbsan
2013-10-01 15:59 - 2013-10-01 15:59 - 00000000 ____D C:\Users\Creasy\Documents\FIFA 14
2013-09-30 15:58 - 2013-09-30 15:58 - 00000521 _____ C:\Users\Public\Desktop\µTorrent.lnk
2013-09-29 09:54 - 2013-09-29 09:54 - 00000000 ____D C:\Program Files (x86)\TryMedia
2013-09-29 09:53 - 2013-09-29 09:53 - 00000940 _____ C:\Users\Creasy\Desktop\Heroes II Gold.lnk
2013-09-29 09:52 - 2013-09-29 09:52 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DO
2013-09-25 14:53 - 2013-09-25 15:13 - 00000000 ____D C:\Users\Creasy\Desktop\Neuer Ordner (3)
2013-09-19 17:00 - 2013-09-19 17:00 - 00000000 ____D C:\ProgramData\Age of Empires 3
2013-09-19 17:00 - 1993-08-24 18:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system\Wing32.dll
2013-09-19 16:47 - 2013-09-19 16:47 - 00000202 _____ C:\Users\Creasy\Desktop\Age of Empires III Complete Collection.url
2013-09-16 19:06 - 2013-09-16 19:06 - 00000000 ____D C:\Users\Creasy\Documents\Ascaron Entertainment
2013-09-16 19:06 - 2013-09-16 19:06 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Ascaron Entertainment
2013-09-11 18:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 18:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 18:46 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 18:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 18:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 18:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 18:46 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 18:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 18:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 18:46 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 18:46 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 18:46 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 18:46 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 18:46 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 13:34 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 13:34 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 13:34 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 13:34 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 13:34 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 13:34 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 13:34 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 13:34 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 13:34 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 13:34 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 13:34 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 13:34 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 13:34 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 13:34 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 13:34 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 13:34 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 13:34 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 13:34 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 13:34 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 13:34 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 13:34 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 13:34 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 13:34 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 13:34 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 13:34 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 13:34 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 13:34 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-02 18:58 - 2013-09-02 18:58 - 00000000 ____D C:\Users\Creasy\Desktop\Ebay Ordner
==================== One Month Modified Files and Folders =======
2013-10-01 21:09 - 2013-10-01 21:09 - 00000000 ____D C:\FRST
2013-10-01 21:09 - 2013-10-01 21:08 - 01953880 _____ (Farbar) C:\Users\Creasy\Desktop\FRST64.exe
2013-10-01 21:05 - 2011-01-16 17:14 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Skype
2013-10-01 21:03 - 2013-10-01 20:22 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-10-01 21:00 - 2013-10-01 18:02 - 00007920 _____ C:\Windows\PFRO.log
2013-10-01 21:00 - 2013-10-01 18:02 - 00000280 _____ C:\Windows\setupact.log
2013-10-01 21:00 - 2011-05-22 19:42 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-01 21:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 20:58 - 2013-10-01 20:57 - 00000600 _____ C:\Users\Creasy\Desktop\defogger_disable.log
2013-10-01 20:57 - 2013-10-01 20:57 - 00050477 _____ C:\Users\Creasy\Desktop\Defogger.exe
2013-10-01 20:57 - 2013-10-01 20:57 - 00000020 _____ C:\Users\Creasy\defogger_reenable
2013-10-01 20:57 - 2010-12-27 14:50 - 00000000 ____D C:\Users\Creasy
2013-10-01 20:43 - 2013-10-01 20:43 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-01 20:43 - 2011-05-22 19:42 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 20:40 - 2013-10-01 20:40 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\QuickScan
2013-10-01 20:39 - 2013-10-01 20:38 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-01 20:32 - 2013-10-01 20:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 20:28 - 2013-10-01 20:28 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-01 20:27 - 2013-10-01 20:27 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-01 20:27 - 2013-10-01 20:27 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-01 20:26 - 2013-10-01 19:17 - 00000000 ____D C:\Users\CreasyX
2013-10-01 20:22 - 2013-10-01 20:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-01 20:22 - 2013-10-01 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 20:22 - 2013-10-01 20:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-01 20:22 - 2013-10-01 20:22 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-10-01 20:22 - 2013-10-01 20:22 - 00000000 ____D C:\Users\Creasy\Documents\Anti-Malware
2013-10-01 20:12 - 2013-10-01 20:12 - 00000820 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2013-10-01 20:12 - 2013-10-01 20:11 - 00000000 ____D C:\Program Files\SmartPCFixer
2013-10-01 20:11 - 2009-07-14 06:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:11 - 2009-07-14 06:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:07 - 2013-10-01 20:07 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-01 20:07 - 2011-05-22 19:42 - 00000000 ____D C:\Users\Creasy\AppData\Local\Google
2013-10-01 20:07 - 2011-05-22 19:42 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-01 20:02 - 2013-10-01 18:41 - 00000000 ____D C:\Users\Creasy\Desktop\backups
2013-10-01 20:00 - 2013-10-01 18:35 - 00008987 _____ C:\Users\Creasy\Desktop\hijackthis.log
2013-10-01 19:50 - 2013-10-01 19:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-01 19:49 - 2009-07-14 04:34 - 73138176 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-01 19:49 - 2009-07-14 04:34 - 21757952 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-01 19:49 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-01 19:48 - 2013-10-01 19:28 - 00002208 _____ C:\Windows\system32\ASOROSet.bin
2013-10-01 19:45 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-01 19:34 - 2013-10-01 19:34 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\SUPERAntiSpyware.com
2013-10-01 19:28 - 2013-10-01 19:28 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-10-01 19:28 - 2013-10-01 19:23 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Systweak
2013-10-01 19:24 - 2013-10-01 19:24 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\Avira
2013-10-01 19:23 - 2013-10-01 19:23 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.1428.dll
2013-10-01 19:23 - 2013-10-01 19:23 - 00001087 _____ C:\Users\Creasy\Desktop\MyPC Backup.lnk
2013-10-01 19:23 - 2013-10-01 19:23 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-01 19:23 - 2010-12-27 14:50 - 00000000 ___RD C:\Users\Creasy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-01 19:19 - 2013-10-01 19:19 - 00064536 _____ C:\Users\CreasyX\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-01 19:19 - 2013-10-01 19:19 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\ATI
2013-10-01 19:19 - 2013-10-01 19:19 - 00000000 ____D C:\Users\CreasyX\AppData\Local\ATI
2013-10-01 19:19 - 2013-10-01 19:19 - 00000000 ____D C:\Users\CreasyX\AppData\Local\AMD
2013-10-01 19:18 - 2013-10-01 19:18 - 00001381 _____ C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ___RD C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ___RD C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\Logitech
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Roaming\Adobe
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Local\VirtualStore
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Local\Logitech
2013-10-01 19:18 - 2013-10-01 19:18 - 00000000 ____D C:\Users\CreasyX\AppData\Local\Adobe
2013-10-01 19:17 - 2013-10-01 19:17 - 00000020 ___SH C:\Users\CreasyX\ntuser.ini
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Vorlagen
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Startmenü
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Netzwerkumgebung
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Lokale Einstellungen
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Eigene Dateien
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Druckumgebung
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Documents\Eigene Musik
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Documents\Eigene Bilder
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\AppData\Local\Verlauf
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\AppData\Local\Anwendungsdaten
2013-10-01 19:17 - 2013-10-01 19:17 - 00000000 _SHDL C:\Users\CreasyX\Anwendungsdaten
2013-10-01 19:17 - 2013-10-01 18:23 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3ace070-2e86-4407-a777-76d027dc7cfb.job
2013-10-01 19:17 - 2013-10-01 18:23 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ae0fb185-46a9-4c3f-bb34-9f91b59439c3.job
2013-10-01 19:08 - 2010-12-27 15:15 - 00000000 ____D C:\Users\Creasy\AppData\Local\Mozilla
2013-10-01 18:54 - 2011-07-03 17:18 - 00000000 ____D C:\Program Files (x86)\ScummVM
2013-10-01 18:35 - 2010-12-27 14:50 - 00000000 ____D C:\Users\Creasy\AppData\Local\VirtualStore
2013-10-01 18:34 - 2013-10-01 18:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\Creasy\Desktop\HijackThis.exe
2013-10-01 18:23 - 2013-10-01 18:23 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b3ace070-2e86-4407-a777-76d027dc7cfb
2013-10-01 18:23 - 2013-10-01 18:23 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ae0fb185-46a9-4c3f-bb34-9f91b59439c3
2013-10-01 18:23 - 2013-10-01 18:23 - 00001768 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-01 18:23 - 2013-10-01 18:23 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\SUPERAntiSpyware.com
2013-10-01 18:23 - 2013-10-01 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-01 18:23 - 2013-10-01 18:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-01 18:21 - 2013-10-01 18:21 - 00377856 _____ C:\Users\Creasy\Desktop\gmer_2.1.19163.exe
2013-10-01 18:05 - 2013-10-01 18:05 - 00064536 _____ C:\Users\Creasy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-01 18:04 - 2011-06-23 23:26 - 00000000 __SHD C:\Users\Creasy\AppData\Roaming\C51960
2013-10-01 18:03 - 2013-10-01 18:02 - 04854640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-01 18:02 - 2013-10-01 18:02 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 18:00 - 2010-12-27 15:19 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Winamp
2013-10-01 17:49 - 2012-09-16 12:58 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\uTorrent
2013-10-01 17:49 - 2010-12-29 11:27 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\DAEMON Tools Lite
2013-10-01 17:48 - 2010-12-27 14:41 - 00000000 ____D C:\Windows\Panther
2013-10-01 16:21 - 2013-10-01 16:16 - 00000000 __SHD C:\Users\Creasy\lbsan
2013-10-01 15:59 - 2013-10-01 15:59 - 00000000 ____D C:\Users\Creasy\Documents\FIFA 14
2013-10-01 15:53 - 2010-12-27 16:06 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-09-30 15:58 - 2013-09-30 15:58 - 00000521 _____ C:\Users\Public\Desktop\µTorrent.lnk
2013-09-29 09:54 - 2013-09-29 09:54 - 00000000 ____D C:\Program Files (x86)\TryMedia
2013-09-29 09:53 - 2013-09-29 09:53 - 00000940 _____ C:\Users\Creasy\Desktop\Heroes II Gold.lnk
2013-09-29 09:53 - 2011-04-28 11:16 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-29 09:52 - 2013-09-29 09:52 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DO
2013-09-26 15:54 - 2010-12-27 16:04 - 00000000 ____D C:\Users\Creasy\Desktop\bilder
2013-09-25 15:24 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-09-25 15:24 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-09-25 15:24 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 15:19 - 2012-04-16 21:09 - 00000000 ____D C:\Users\Creasy\Desktop\Neuer Ordner
2013-09-25 15:13 - 2013-09-25 14:53 - 00000000 ____D C:\Users\Creasy\Desktop\Neuer Ordner (3)
2013-09-19 17:00 - 2013-09-19 17:00 - 00000000 ____D C:\ProgramData\Age of Empires 3
2013-09-19 17:00 - 2010-12-27 21:45 - 00000000 ____D C:\Users\Creasy\Documents\My Games
2013-09-19 17:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2013-09-19 16:47 - 2013-09-19 16:47 - 00000202 _____ C:\Users\Creasy\Desktop\Age of Empires III Complete Collection.url
2013-09-16 19:06 - 2013-09-16 19:06 - 00000000 ____D C:\Users\Creasy\Documents\Ascaron Entertainment
2013-09-16 19:06 - 2013-09-16 19:06 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\Ascaron Entertainment
2013-09-15 17:32 - 2013-03-03 21:34 - 00000000 ____D C:\Users\Creasy\Desktop\SPIELE
2013-09-15 15:45 - 2013-07-17 20:03 - 00000000 ____D C:\Users\Creasy\Desktop\MP3 Download
2013-09-15 12:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 06:51 - 2010-12-27 14:50 - 00000000 ___RD C:\Users\Creasy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 18:46 - 2013-08-16 21:04 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 18:43 - 2011-01-29 11:25 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 18:42 - 2011-04-13 11:03 - 01590298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-08 04:45 - 2012-10-20 08:34 - 00014848 _____ C:\Users\Creasy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-08 04:28 - 2012-12-08 16:20 - 00000000 ____D C:\Users\Creasy\Desktop\Wenke
2013-09-03 10:31 - 2013-08-19 16:36 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-02 18:58 - 2013-09-02 18:58 - 00000000 ____D C:\Users\Creasy\Desktop\Ebay Ordner
2013-09-01 17:24 - 2013-08-28 11:34 - 00000000 ____D C:\Users\Creasy\AppData\Roaming\PreisHai4
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Files to move or delete:
====================
ZeroAccess:
C:\Users\Creasy\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Public\AlexaNSISPlugin.1428.dll
Some content of TEMP:
====================
C:\Users\Creasy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Creasy\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\Creasy\AppData\Local\Temp\InstallFlashPlayer.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-09-22 08:21
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- [/CODE] |
|
02.10.2013, 06:08
| #5 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet. Hier der Scan von Emisoft Code:
ATTFilter
Emsisoft Anti-Malware - Version 8.1
Letztes Update: 01.10.2013 21:44:40
Benutzerkonto: Creasy-PC\Creasy
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\
PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 01.10.2013 21:48:26
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}\INPROCSERVER32 -> THREADINGMODEL gefunden: Trace.Registry.Alexa Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} gefunden: Trace.Registry.AlexaToolbar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1DD35AE6-8472-4151-AC2D-96B2AD3F7F82}\INPROCSERVER32 -> THREADINGMODEL gefunden: Trace.Registry.Net Spy Pro 4.6 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{281AD869-B22B-4249-B1A1-AA6BE0012AE5}\INPROCSERVER32 -> THREADINGMODEL gefunden: Trace.Registry.Net Spy Pro 4.6 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{29E269FC-2F9B-4BCD-8975-FFF13240C4D5}\INPROCSERVER32 -> THREADINGMODEL gefunden: Trace.Registry.Net Spy Pro 4.6 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{42C9CCDA-4485-47B8-A9E5-E8006DE9E100}\INPROCSERVER32 -> THREADINGMODEL gefunden: Trace.Registry.Net Spy Pro 4.6 (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{65E67583-931C-4039-B3DF-385256EEA001}\INPROCSERVER32 -> THREADINGMODEL gefunden: Trace.Registry.Net Spy Pro 4.6 (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\TRYMEDIA SYSTEMS gefunden: Trace.Registry.Trymedia (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\TRYMEDIA SYSTEMS\ACTIVEMARK SOFTWARE gefunden: Trace.Registry.Trymedia (A)
C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\*ﯹ๛\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\GoogleUpdate.exe gefunden: Gen:Variant.Kazy.258432 (B)
C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\*ﯹ๛\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\L\00000004.@ gefunden: Trojan.Win32.ZAccess (A)
C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\*ﯹ๛\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\U\00000004.@ gefunden: Trojan.Sirefef.GY (B)
C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\*ﯹ๛\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\U\000000cb.@ gefunden: Trojan.Sirefef.HK (B)
C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\*ﯹ๛\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\U\80000000.@ gefunden: Trojan.Generic.9525749 (B)
C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\*ﯹ๛\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\U\80000032.@ gefunden: Trojan.Generic.9594309 (B)
C:\Program Files (x86)\Google\Desktop\Install\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\ \...\*ﯹ๛\{91b7f6fa-bce8-1378-b033-8389aebb1f79}\U\80000064.@ gefunden: Trojan.Generic.9602417 (B)
C:\Windows\assembly\GAC_32\Desktop.ini gefunden: Trojan.Sirefef.YS (B)
C:\Windows\assembly\GAC_64\Desktop.ini gefunden: Trojan.Sirefef.YS (B)
E:\Musik Patrick\korn its gonna go away lash.wma gefunden: Trojan.Generic.IS.559211 (B)
Gescannt 730221
Gefunden 19
Scan Ende: 02.10.2013 00:33:16
Scan Zeit: 2:44:50
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-01 21:31:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3300831A rev.3.03 279,46GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Creasy\AppData\Local\Temp\kxdirpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033f9000 64 bytes [00, 00, 66, 04, 80, FA, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 610 fffff800033f9042 5 bytes [00, 00, 76, 6B, 05]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 000000016fff00d8
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 0000000149d00450
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 0000000149d00370
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 0000000149d003e0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 0000000149d00320
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 0000000149d003b0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 0000000149d00390
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 0000000149d002e0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 0000000149d002d0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 0000000149d00310
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 0000000149d003c0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 0000000149d003f0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 0000000149d00230
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 0000000149d003a0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 0000000149d002f0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 0000000149d00350
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 0000000149d00290
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 0000000149d002b0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 0000000149d003d0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 0000000149d00330
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 0000000149d00410
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 0000000149d00240
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 0000000149d001e0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 0000000149d00250
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 0000000149d00490
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 0000000149d004a0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 0000000149d00300
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 0000000149d00360
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 0000000149d002a0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 0000000149d002c0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 0000000149d00380
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 0000000149d00340
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 0000000149d00440
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 0000000149d00260
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 0000000149d00270
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 0000000149d00400
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 0000000149d001f0
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 0000000149d00210
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 0000000149d00200
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 0000000149d00420
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 0000000149d00430
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 0000000149d00220
.text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 0000000149d00280
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000076cd6ef0 8 bytes JMP 000000016fff06f8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000076cd8184 7 bytes JMP 000000016fff0880
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SetParent 0000000076cd8530 8 bytes JMP 000000016fff0730
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!PostMessageA 0000000076cda404 5 bytes JMP 000000016fff0308
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!EnableWindow 0000000076cdaaa0 9 bytes JMP 000000016fff08f0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!MoveWindow 0000000076cdaad0 8 bytes JMP 000000016fff0768
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!GetAsyncKeyState 0000000076cdc720 5 bytes JMP 000000016fff06c0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!RegisterHotKey 0000000076cdcd50 8 bytes JMP 000000016fff0848
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!PostThreadMessageA 0000000076cdd2b0 5 bytes JMP 000000016fff0378
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendMessageA 0000000076cdd338 5 bytes JMP 000000016fff03e8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendNotifyMessageW 0000000076cddc40 9 bytes JMP 000000016fff0570
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000076cdf510 7 bytes JMP 000000016fff08b8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076cdf874 9 bytes JMP 000000016fff0298
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000076cdfac0 9 bytes JMP 000000016fff0490
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000076ce0b74 10 bytes JMP 000000016fff03b0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076ce4d4c 5 bytes JMP 000000016fff02d0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!GetKeyState 0000000076ce5010 5 bytes JMP 000000016fff0688
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000076ce5438 7 bytes JMP 000000016fff0500
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendMessageW 0000000076ce6b50 5 bytes JMP 000000016fff0420
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!PostMessageW 0000000076ce76e4 7 bytes JMP 000000016fff0340
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000076cedd90 5 bytes JMP 000000016fff05e0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!GetClipboardData 0000000076cee874 5 bytes JMP 000000016fff0810
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000076cef780 8 bytes JMP 000000016fff07a0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000076cf28e4 12 bytes JMP 000000016fff0538
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!mouse_event 0000000076cf3894 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076cf8a10 8 bytes JMP 000000016fff0650
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000076cf8be0 12 bytes JMP 000000016fff0458
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076cf8c20 12 bytes JMP 000000016fff0260
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendInput 0000000076cf8cd0 8 bytes JMP 000000016fff0618
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!BlockInput 0000000076cfad60 8 bytes JMP 000000016fff07d8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000076d214e0 5 bytes JMP 000000016fff0928
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!keybd_event 0000000076d445a4 7 bytes JMP 000000016fff01f0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 0000000076d4cc08 5 bytes JMP 000000016fff05a8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\USER32.dll!SendMessageCallbackA 0000000076d4df18 7 bytes JMP 000000016fff04c8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\wininit.exe[580] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 000000016fff00d8
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 0000000149d00450
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 0000000149d00370
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 0000000149d003e0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 0000000149d00320
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 0000000149d003b0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 0000000149d00390
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 0000000149d002e0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 0000000149d002d0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 0000000149d00310
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 0000000149d003c0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 0000000149d003f0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 0000000149d00230
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 0000000149d003a0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 0000000149d002f0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 0000000149d00350
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 0000000149d00290
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 0000000149d002b0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 0000000149d003d0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 0000000149d00330
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 0000000149d00410
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 0000000149d00240
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 0000000149d001e0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 0000000149d00250
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 0000000149d00490
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 0000000149d004a0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 0000000149d00300
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 0000000149d00360
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 0000000149d002a0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 0000000149d002c0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 0000000149d00380
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 0000000149d00340
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 0000000149d00440
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 0000000149d00260
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 0000000149d00270
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 0000000149d00400
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 0000000149d001f0
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 0000000149d00210
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 0000000149d00200
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 0000000149d00420
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 0000000149d00430
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 0000000149d00220
.text C:\Windows\system32\csrss.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 0000000149d00280
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefef04750 5 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000076cd6ef0 8 bytes JMP 000000016fff06f8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000076cd8184 7 bytes JMP 000000016fff0880
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SetParent 0000000076cd8530 8 bytes JMP 000000016fff0730
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!PostMessageA 0000000076cda404 5 bytes JMP 000000016fff0308
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!EnableWindow 0000000076cdaaa0 9 bytes JMP 000000016fff08f0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!MoveWindow 0000000076cdaad0 8 bytes JMP 000000016fff0768
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!GetAsyncKeyState 0000000076cdc720 5 bytes JMP 000000016fff06c0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!RegisterHotKey 0000000076cdcd50 8 bytes JMP 000000016fff0848
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!PostThreadMessageA 0000000076cdd2b0 5 bytes JMP 000000016fff0378
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendMessageA 0000000076cdd338 5 bytes JMP 000000016fff03e8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendNotifyMessageW 0000000076cddc40 9 bytes JMP 000000016fff0570
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000076cdf510 7 bytes JMP 000000016fff08b8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076cdf874 9 bytes JMP 000000016fff0298
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000076cdfac0 9 bytes JMP 000000016fff0490
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000076ce0b74 10 bytes JMP 000000016fff03b0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076ce4d4c 5 bytes JMP 000000016fff02d0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!GetKeyState 0000000076ce5010 5 bytes JMP 000000016fff0688
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000076ce5438 7 bytes JMP 000000016fff0500
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendMessageW 0000000076ce6b50 5 bytes JMP 000000016fff0420
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!PostMessageW 0000000076ce76e4 7 bytes JMP 000000016fff0340
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000076cedd90 5 bytes JMP 000000016fff05e0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!GetClipboardData 0000000076cee874 5 bytes JMP 000000016fff0810
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000076cef780 8 bytes JMP 000000016fff07a0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000076cf28e4 12 bytes JMP 000000016fff0538
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!mouse_event 0000000076cf3894 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076cf8a10 8 bytes JMP 000000016fff0650
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000076cf8be0 12 bytes JMP 000000016fff0458
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076cf8c20 12 bytes JMP 000000016fff0260
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendInput 0000000076cf8cd0 8 bytes JMP 000000016fff0618
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!BlockInput 0000000076cfad60 8 bytes JMP 000000016fff07d8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000076d214e0 5 bytes JMP 000000016fff0928
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!keybd_event 0000000076d445a4 7 bytes JMP 000000016fff01f0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 0000000076d4cc08 5 bytes JMP 000000016fff05a8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\USER32.dll!SendMessageCallbackA 0000000076d4df18 7 bytes JMP 000000016fff04c8
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca0228
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0378
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\services.exe[640] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770a0460
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770a0450
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770a0370
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770a0470
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 00000000770a03e0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 00000000770a0320
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770a03b0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770a0390
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770a02e0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770a02d0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 00000000770a0310
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 00000000770a03c0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 00000000770a03f0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770a0230
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 00000000770a0480
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770a03a0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770a02f0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770a0350
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770a0290
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770a02b0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 00000000770a03d0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770a0330
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770a0410
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770a0240
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 00000000770a01e0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770a0250
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770a0490
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770a04a0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770a0300
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770a0360
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770a02a0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770a02c0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770a0380
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770a0340
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770a0440
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770a0260
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770a0270
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770a0400
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 00000000770a01f0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770a0210
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 00000000770a0200
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770a0420
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770a0430
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 00000000770a0220
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770a0280
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189
|
|
02.10.2013, 06:09
| #6 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\lsass.exe[696] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\lsm.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\lsm.exe[704] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefef04750 5 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0378
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefef04750 5 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0378
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA
|
|
02.10.2013, 06:10
| #7 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\atiesrxx.exe[1036] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefef04750 5 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0378
|
|
02.10.2013, 06:11
| #8 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1312] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\atieclxx.exe[1600] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1100] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1340] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 0000000100250460
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 0000000100250450
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 0000000100250370
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 0000000100250470
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000001002503b0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 0000000100250390
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000001002502e0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000001002502d0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 0000000100250230
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000001002503a0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000001002502f0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 0000000100250350
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 0000000100250290
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000001002502b0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 0000000100250330
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 0000000100250410
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 0000000100250240
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 0000000100250250
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 0000000100250490
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000001002504a0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 0000000100250300
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 0000000100250360
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000001002502a0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000001002502c0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 0000000100250380
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 0000000100250340
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 0000000100250440
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 0000000100250260
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 0000000100250270
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 0000000100250400
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 0000000100250210
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 0000000100250420
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 0000000100250430
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 0000000100250280
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\KERNEL32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\KERNEL32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files (x86)\MyPC Backup\BackupStack.exe[1484] C:\Windows\system32\GDI32.dll!PlgBlt
|
|
02.10.2013, 06:13
| #9 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\taskhost.exe[1704] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\Dwm.exe[2052] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\Explorer.EXE[2084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000076cd6ef0 8 bytes JMP 000000016fff06f8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000076cd8184 7 bytes JMP 000000016fff0880
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SetParent 0000000076cd8530 8 bytes JMP 000000016fff0730
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!PostMessageA 0000000076cda404 5 bytes JMP 000000016fff0308
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!EnableWindow 0000000076cdaaa0 9 bytes JMP 000000016fff08f0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!MoveWindow 0000000076cdaad0 8 bytes JMP 000000016fff0768
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!GetAsyncKeyState 0000000076cdc720 5 bytes JMP 000000016fff06c0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!RegisterHotKey 0000000076cdcd50 8 bytes JMP 000000016fff0848
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!PostThreadMessageA 0000000076cdd2b0 5 bytes JMP 000000016fff0378
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendMessageA 0000000076cdd338 5 bytes JMP 000000016fff03e8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendNotifyMessageW 0000000076cddc40 9 bytes JMP 000000016fff0570
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000076cdf510 7 bytes JMP 000000016fff08b8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076cdf874 9 bytes JMP 000000016fff0298
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000076cdfac0 9 bytes JMP 000000016fff0490
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000076ce0b74 10 bytes JMP 000000016fff03b0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076ce4d4c 5 bytes JMP 000000016fff02d0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!GetKeyState 0000000076ce5010 5 bytes JMP 000000016fff0688
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000076ce5438 7 bytes JMP 000000016fff0500
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendMessageW 0000000076ce6b50 5 bytes JMP 000000016fff0420
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!PostMessageW 0000000076ce76e4 7 bytes JMP 000000016fff0340
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000076cedd90 5 bytes JMP 000000016fff05e0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!GetClipboardData 0000000076cee874 5 bytes JMP 000000016fff0810
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000076cef780 8 bytes JMP 000000016fff07a0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000076cf28e4 12 bytes JMP 000000016fff0538
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!mouse_event 0000000076cf3894 7 bytes JMP 000000016fff0228
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076cf8a10 8 bytes JMP 000000016fff0650
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000076cf8be0 12 bytes JMP 000000016fff0458
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076cf8c20 12 bytes JMP 000000016fff0260
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendInput 0000000076cf8cd0 8 bytes JMP 000000016fff0618
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!BlockInput 0000000076cfad60 8 bytes JMP 000000016fff07d8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000076d214e0 5 bytes JMP 000000016fff0928
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!keybd_event 0000000076d445a4 7 bytes JMP 000000016fff01f0
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 0000000076d4cc08 5 bytes JMP 000000016fff05a8
.text C:\Windows\Explorer.EXE[2084] C:\Windows\system32\USER32.dll!SendMessageCallbackA 0000000076d4df18 7 bytes JMP 000000016fff04c8
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0308
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca0340
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca03b0
.text C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe[2440] C:\Windows\system32\GDI32.dll!PlgBlt
|
|
02.10.2013, 06:14
| #10 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0308
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca0340
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca03b0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2500] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0378
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0298
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca0228
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01f0
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0260
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0378
.text C:\Windows\System32\svchost.exe[2516] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0340
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Windows\SysWOW64\svchost.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA
|
|
02.10.2013, 06:15
| #11 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2592] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2664] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\System32\svchost.exe[2716] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2748] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[2824] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecfa1a0 7 bytes JMP 000007fffcca0180
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2912] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3032] C:\Windows\system32\GDI32.dll!PlgBlt
|
|
02.10.2013, 06:16
| #12 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\SearchIndexer.exe[2376] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 0000000100a4d120
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 0000000100a5fc20
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 0000000100a5e100
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 0000000100a5ed90
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 0000000100a5c3c0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 0000000100a5e7a0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000100a60080
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [97, 89]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 0000000100a5fe40
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 0000000100a5e400
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 0000000100a5cde0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 0000000100a5b670
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 0000000100a5f8b0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 0000000100a5bfe0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 0000000100a5ca40
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 0000000100a5f6a0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 0000000100a5f220
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 0000000100a5f460
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 0000000100a5c670
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 0000000100a5f020
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000100a57f40
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 0000000100a4d240
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000100a55070
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000100a55c00
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000100a53ba0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 0000000100a4d270
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 0000000100a4b6e0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 0000000100a4c470
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 0000000100a4b1a0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 0000000100a4ac20
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 0000000100a4c160
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000100a48140
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 0000000100a4bc20
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 0000000100a493d0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000100a48980
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000100a47ea0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000100a48c20
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 0000000100a4bec0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 0000000100a4b980
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 0000000100a4b440
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 0000000100a4c690
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 0000000100a4c8b0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 0000000100a4a160
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 0000000100a4a6a0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 0000000100a4aee0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 0000000100a4cb20
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000100a48780
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000100a49eb0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000100a49c00
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000100a49120
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000100a49680
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000100a49930
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000100a48370
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000100a47c90
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 0000000100a597c0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 0000000100a599d0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 0000000100a4a960
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 0000000100a4a400
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000100a48580
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000100a48f00
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000100a58d10
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000100a59530
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000100a59e10
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000100a58d50
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000100a59280
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000100a58ae0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000100a59d10
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000100a58ff0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 0000000100a544d0
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006e4711a8 2 bytes [47, 6E]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 385 000000006e471306 2 bytes CALL ab2d40 C:\Windows\TEMP\logishrd\LVPrcInj03.dll
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006e4713a8 2 bytes [47, 6E]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006e471422 2 bytes [47, 6E]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006e471498 2 bytes [47, 6E]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000073561b41 2 bytes [56, 73]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000073561be8 2 bytes [56, 73]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000073561c20 2 bytes [56, 73]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000073561cd2 2 bytes [56, 73]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000073561cf2 2 bytes [56, 73]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006e4711a8 2 bytes [47, 6E]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 385 000000006e471306 2 bytes CALL 102d40 C:\Windows\TEMP\logishrd\LVPrcInj03.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006e4713a8 2 bytes [47, 6E]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006e471422 2 bytes [47, 6E]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3168] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006e471498 2 bytes [47, 6E]
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efac0 5 bytes JMP 0000000100240600
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb58 5 bytes JMP 0000000100240804
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0038 5 bytes JMP 0000000100240a08
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000770f1920 5 bytes JMP 0000000100240e10
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 5 bytes JMP 000000011001d240
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076623982 5 bytes JMP 00000001002503fc
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007663f52b 5 bytes JMP 0000000100250a08
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076865181 5 bytes JMP 0000000100261014
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076865254 5 bytes JMP 0000000100260804
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000768653d5 5 bytes JMP 0000000100260a08
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000768654c2 5 bytes JMP 0000000100260c0c
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000768655e2 5 bytes JMP 0000000100260e10
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007686567c 5 bytes JMP 00000001002601f8
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007686589f 5 bytes JMP 00000001002603fc
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076865a22 5 bytes JMP 0000000100260600
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000770f1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 5 bytes JMP 000000011001d240
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076623982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007663f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076865181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076865254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000768653d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000768654c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000768655e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007686567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007686589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3908] C:\Windows\SysWOW64\sechost.dll!DeleteService
|
|
02.10.2013, 06:18
| #13 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000770f1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 5 bytes JMP 000000011001d240
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076623982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007663f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076865181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076865254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000768653d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000768654c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000768655e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007686567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007686589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076865a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41430 5 bytes JMP 0000000100400b14
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f41490 5 bytes JMP 0000000100400ecc
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f417b0 5 bytes JMP 0000000100401284
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000001004019f4
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\KERNEL32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\KERNEL32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd106e00 5 bytes JMP 000007ff7d121dac
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd106f2c 5 bytes JMP 000007ff7d120ecc
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd107220 5 bytes JMP 000007ff7d121284
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd10739c 5 bytes JMP 000007ff7d12163c
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd107538 5 bytes JMP 000007ff7d1219f4
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1075e8 5 bytes JMP 000007ff7d1203a4
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd10790c 5 bytes JMP 000007ff7d12075c
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4432] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd107ab4 5 bytes JMP 000007ff7d120b14
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd106e00 5 bytes JMP 000007ff7d121dac
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd106f2c 5 bytes JMP 000007ff7d120ecc
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd107220 5 bytes JMP 000007ff7d121284
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd10739c 5 bytes JMP 000007ff7d12163c
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd107538 5 bytes JMP 000007ff7d1219f4
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1075e8 5 bytes JMP 000007ff7d1203a4
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd10790c 5 bytes JMP 000007ff7d12075c
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd107ab4 5 bytes JMP 000007ff7d120b14
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[4708] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4752] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd106e00 5 bytes JMP 000007ff7d121dac
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd106f2c 5 bytes JMP 000007ff7d120ecc
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd107220 5 bytes JMP 000007ff7d121284
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd10739c 5 bytes JMP 000007ff7d12163c
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd107538 5 bytes JMP 000007ff7d1219f4
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1075e8 5 bytes JMP 000007ff7d1203a4
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd10790c 5 bytes JMP 000007ff7d12075c
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd107ab4 5 bytes JMP 000007ff7d120b14
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\svchost.exe[4852] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
|
|
02.10.2013, 06:19
| #14 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 6 bytes JMP 000000016fff0110
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 6 bytes JMP 000000016fff0d50
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41430 6 bytes {NOP ; JMP 0xffffffff892ff6e4}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f41490 6 bytes {NOP ; JMP 0xffffffff892ffa3c}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 6 bytes JMP 000000016fff0a78
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f417b0 6 bytes {NOP ; JMP 0xffffffff892ffad4}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 6 bytes {NOP ; JMP 0xffffffff892ff214}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\KERNEL32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\KERNEL32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd106e00 6 bytes {NOP ; JMP 0xffffffff8001afac}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd106f2c 6 bytes {NOP ; JMP 0xffffffff80019fa0}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd107220 6 bytes {NOP ; JMP 0xffffffff8001a064}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd10739c 6 bytes {NOP ; JMP 0xffffffff8001a2a0}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd107538 6 bytes {NOP ; JMP 0xffffffff8001a4bc}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1075e8 6 bytes {NOP ; JMP 0xffffffff80018dbc}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd10790c 6 bytes {NOP ; JMP 0xffffffff80018e50}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd107ab4 6 bytes {NOP ; JMP 0xffffffff80019060}
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Program Files\Internet Explorer\iexplore.exe[5000] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 00000001001ed120
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 00000001001ffc20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 00000001001fe100
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 00000001001fed90
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 00000001001fc3c0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 00000001001fe7a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000100200080
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [11, 89]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 00000001001ffe40
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 00000001001fe400
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 00000001001fcde0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 00000001001fb670
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 00000001001ff8b0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 00000001001fbfe0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 00000001001fca40
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 00000001001ff6a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 00000001001ff220
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000770f1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 00000001001ff460
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 00000001001fc670
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 00000001001ff020
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 00000001001f7f40
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 5 bytes JMP 00000001001ed240
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 00000001001f5070
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 00000001001f5c00
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 00000001001f3ba0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 00000001001ed270
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\advapi32.DLL!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001001f44d0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076865181 5 bytes JMP 0000000100141014
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076865254 5 bytes JMP 0000000100140804
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000768653d5 5 bytes JMP 0000000100140a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000768654c2 5 bytes JMP 0000000100140c0c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000768655e2 5 bytes JMP 0000000100140e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007686567c 5 bytes JMP 00000001001401f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007686589f 5 bytes JMP 00000001001403fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076865a22 5 bytes JMP 0000000100140600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!PostThreadMessageW 0000000076618bff 5 bytes JMP 00000001001eb6e0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 00000000766190d3 7 bytes JMP 00000001001ec470
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendMessageW 0000000076619679 5 bytes JMP 00000001001eb1a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 00000001001eac20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SetWinEventHook 000000007661ee09 5 bytes JMP 00000001001ec160
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!RegisterHotKey 000000007661efc9 5 bytes JMP 00000001001e8140
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!PostMessageW 00000000766212a5 5 bytes JMP 00000001001ebc20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!GetKeyState 000000007662291f 5 bytes JMP 00000001001e93d0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SetParent 0000000076622d64 5 bytes JMP 00000001001e8980
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!EnableWindow 0000000076622da4 5 bytes JMP 00000001001e7ea0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!MoveWindow 0000000076623698 5 bytes JMP 00000001001e8c20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!UnhookWinEvent 0000000076623982 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000076623baa 5 bytes JMP 00000001001ebec0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!PostThreadMessageA 0000000076623c61 5 bytes JMP 00000001001eb980
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendMessageA 000000007662612e 5 bytes JMP 00000001001eb440
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SystemParametersInfoA 0000000076626c30 7 bytes JMP 00000001001ec690
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000076627603 5 bytes JMP 00000001001ec8b0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendNotifyMessageW 0000000076627668 5 bytes JMP 00000001001ea160
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendMessageCallbackW 00000000766276e0 5 bytes JMP 00000001001ea6a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutA 000000007662781f 5 bytes JMP 00000001001eaee0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 000000007662835c 5 bytes JMP 00000001001ecb20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 000000007662c4b6 5 bytes JMP 00000001001e8780
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageA 000000007663c112 5 bytes JMP 00000001001e9eb0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 00000001001e9c00
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!GetAsyncKeyState 000000007663eb96 5 bytes JMP 00000001001e9120
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!GetKeyboardState 000000007663ec68 5 bytes JMP 00000001001e9680
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 000000007663f52b 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendInput 000000007663ff4a 5 bytes JMP 00000001001e9930
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000076659f1d 5 bytes JMP 00000001001e8370
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!ExitWindowsEx 0000000076661497 5 bytes JMP 00000001001e7c90
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!mouse_event 000000007667027b 5 bytes JMP 00000001001f97c0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!keybd_event 00000000766702bf 5 bytes JMP 00000001001f99d0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 00000001001ea960
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 00000001001ea400
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!BlockInput 0000000076677dd7 5 bytes JMP 00000001001e8580
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 00000001001e8f00
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 00000001001f8d10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 00000001001f9530
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 00000001001f9e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 00000001001f8d50
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 00000001001f9280
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 00000001001f8ae0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 00000001001f9d10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 00000001001f8ff0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000770f1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 5 bytes JMP 000000011001d240
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076623982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007663f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076865181 5 bytes JMP 00000001002d1014
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076865254 5 bytes JMP 00000001002d0804
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000768653d5 5 bytes JMP 00000001002d0a08
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000768654c2 5 bytes JMP 00000001002d0c0c
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000768655e2 5 bytes JMP 00000001002d0e10
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007686567c 5 bytes JMP 00000001002d01f8
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007686589f 5 bytes JMP 00000001002d03fc
.text C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[3924] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076865a22 5 bytes JMP 00000001002d0600
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 00000001002bd120
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 00000001002cfc20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 00000001002ce100
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 00000001002ced90
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 00000001002cc3c0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 00000001002ce7a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 00000001002d0080
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [1E, 89]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 00000001002cfe40
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 00000001002ce400
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 00000001002ccde0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 00000001002cb670
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 00000001002cf8b0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 00000001002cbfe0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 00000001002cca40
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 00000001002cf6a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 00000001002cf220
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 00000001002cf460
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 00000001002cc670
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 00000001002cf020
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 00000001002c7f40
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 00000001002bd240
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 00000001002c5070
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 00000001002c5c00
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 00000001002c3ba0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 00000001002bd270
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\advapi32.DLL!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001002c44d0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!PostThreadMessageW 0000000076618bff 5 bytes JMP 00000001002bb6e0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 00000000766190d3 7 bytes JMP 00000001002bc470
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendMessageW 0000000076619679 5 bytes JMP 00000001002bb1a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 00000001002bac20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SetWinEventHook 000000007661ee09 5 bytes JMP 00000001002bc160
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!RegisterHotKey 000000007661efc9 5 bytes JMP 00000001002b8140
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!PostMessageW 00000000766212a5 5 bytes JMP 00000001002bbc20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!GetKeyState 000000007662291f 5 bytes JMP 00000001002b93d0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SetParent 0000000076622d64 5 bytes JMP 00000001002b8980
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!EnableWindow 0000000076622da4 5 bytes JMP 00000001002b7ea0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!MoveWindow 0000000076623698 5 bytes JMP 00000001002b8c20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000076623baa 5 bytes JMP 00000001002bbec0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!PostThreadMessageA 0000000076623c61 5 bytes JMP 00000001002bb980
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendMessageA 000000007662612e 5 bytes JMP 00000001002bb440
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SystemParametersInfoA 0000000076626c30 7 bytes JMP 00000001002bc690
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000076627603 5 bytes JMP 00000001002bc8b0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendNotifyMessageW 0000000076627668 5 bytes JMP 00000001002ba160
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendMessageCallbackW 00000000766276e0 5 bytes JMP 00000001002ba6a0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutA 000000007662781f 5 bytes JMP 00000001002baee0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 000000007662835c 5 bytes JMP 00000001002bcb20
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 000000007662c4b6 5 bytes JMP 00000001002b8780
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageA 000000007663c112 5 bytes JMP 00000001002b9eb0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 00000001002b9c00
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!GetAsyncKeyState 000000007663eb96 5 bytes JMP 00000001002b9120
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!GetKeyboardState 000000007663ec68 5 bytes JMP 00000001002b9680
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendInput 000000007663ff4a 5 bytes JMP 00000001002b9930
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000076659f1d 5 bytes JMP 00000001002b8370
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!ExitWindowsEx 0000000076661497 5 bytes JMP 00000001002b7c90
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!mouse_event 000000007667027b 5 bytes JMP 00000001002c97c0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!keybd_event 00000000766702bf 5 bytes JMP 00000001002c99d0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 00000001002ba960
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 00000001002ba400
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!BlockInput 0000000076677dd7 5 bytes JMP 00000001002b8580
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 00000001002b8f00
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 00000001002c8d10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 00000001002c9530
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 00000001002c9e10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 00000001002c8d50
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 00000001002c9280
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 00000001002c8ae0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 00000001002c9d10
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 00000001002c8ff0
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076371465 2 bytes [37, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763714bb 2 bytes [37, 76]
.text ... * 2
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\System32\MsSpellCheckingFacility.exe[5092] C:\Windows\system32\GDI32.dll!PlgBlt
|
|
02.10.2013, 06:19
| #15 |
| | Windows 7: Webseiten werden auf andere Seiten umgeleitet.Code:
ATTFilter
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f41360 5 bytes JMP 00000000770b0460
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076f413a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f413b0 5 bytes JMP 00000000770b0450
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f41510 5 bytes JMP 00000000770b0370
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f41560 5 bytes JMP 00000000770b0470
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f41570 5 bytes JMP 000000016fff0a78
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076f415e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41620 5 bytes JMP 000000016fff0b90
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f41650 5 bytes JMP 00000000770b03b0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f41670 5 bytes JMP 00000000770b0390
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f416b0 5 bytes JMP 00000000770b02e0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076f416c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41730 5 bytes JMP 00000000770b02d0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f41750 5 bytes JMP 000000016fff0b58
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f41790 5 bytes JMP 000000016fff0998
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f417e0 5 bytes JMP 000000016fff09d0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076f41800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f41940 5 bytes JMP 00000000770b0230
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076f419f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b00 5 bytes JMP 000000016fff0960
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b30 5 bytes JMP 00000000770b03a0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076f41bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c10 5 bytes JMP 00000000770b02f0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c20 5 bytes JMP 00000000770b0350
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41c80 5 bytes JMP 00000000770b0290
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d10 5 bytes JMP 00000000770b02b0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f41d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d30 5 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41d40 5 bytes JMP 00000000770b0330
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41db0 5 bytes JMP 00000000770b0410
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41de0 5 bytes JMP 00000000770b0240
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f420a0 5 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076f42130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f42160 5 bytes JMP 00000000770b0250
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f42190 5 bytes JMP 00000000770b0490
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f421a0 5 bytes JMP 00000000770b04a0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f421d0 5 bytes JMP 00000000770b0300
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f421e0 5 bytes JMP 00000000770b0360
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f42240 5 bytes JMP 00000000770b02a0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f42290 5 bytes JMP 00000000770b02c0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f422c0 5 bytes JMP 00000000770b0380
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f422d0 5 bytes JMP 00000000770b0340
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f425c0 5 bytes JMP 00000000770b0440
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f427c0 5 bytes JMP 00000000770b0260
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f427d0 5 bytes JMP 00000000770b0270
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f427e0 5 bytes JMP 00000000770b0400
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f429a0 5 bytes JMP 000000016fff0b20
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f429b0 5 bytes JMP 00000000770b0210
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a20 5 bytes JMP 000000016fff0a08
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42a80 5 bytes JMP 00000000770b0420
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42a90 5 bytes JMP 00000000770b0430
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42aa0 5 bytes JMP 000000016fff0a40
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42b80 5 bytes JMP 00000000770b0280
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\kernel32.dll!CreateProcessAsUserW 0000000076dda420 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\kernel32.dll!CreateProcessW 0000000076df1b50 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076e2eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\kernel32.dll!CreateProcessA 0000000076e68810 7 bytes JMP 000000016fff0180
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcdd53c0 7 bytes JMP 000007fffcca0148
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!DeleteDC 000007fefed922cc 5 bytes JMP 000007fffcca0260
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!BitBlt 000007fefed924c0 5 bytes JMP 000007fffcca0298
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!MaskBlt 000007fefed95be0 5 bytes JMP 000007fffcca02d0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!CreateDCW 000007fefed98398 9 bytes JMP 000007fffcca01f0
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!CreateDCA 000007fefed989c8 9 bytes JMP 000007fffcca01b8
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!GetPixel 000007fefed99344 5 bytes JMP 000007fffcca0228
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!StretchBlt 000007fefed9b9e8 5 bytes JMP 000007fffcca0340
.text C:\Windows\system32\AUDIODG.EXE[816] C:\Windows\System32\GDI32.dll!PlgBlt 000007fefeda5410 5 bytes JMP 000007fffcca0308
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000770ef9e0 5 bytes JMP 000000011001d120
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efcb0 5 bytes JMP 000000011002fc20
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000770efd64 5 bytes JMP 000000011002e100
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000770efdc8 5 bytes JMP 000000011002ed90
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000770efec0 5 bytes JMP 000000011002c3c0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770effa4 5 bytes JMP 000000011002e7a0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000770f0004 2 bytes JMP 0000000110030080
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 00000000770f0007 2 bytes [F4, 98]
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000770f0084 5 bytes JMP 000000011002fe40
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770f00b4 5 bytes JMP 000000011002e400
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770f03b8 5 bytes JMP 000000011002cde0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770f0550 5 bytes JMP 000000011002b670
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000770f0694 5 bytes JMP 000000011002f8b0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000770f088c 5 bytes JMP 000000011002bfe0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770f08a4 5 bytes JMP 000000011002ca40
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000770f0df4 5 bytes JMP 000000011002f6a0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000770f0ed8 5 bytes JMP 000000011002f220
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000770f1be4 5 bytes JMP 000000011002f460
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000770f1cb4 5 bytes JMP 000000011002c670
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000770f1d8c 5 bytes JMP 000000011002f020
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c4dd 5 bytes JMP 0000000110027f40
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111287 7 bytes JMP 000000011001d240
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076bd103d 5 bytes JMP 0000000110025070
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076bd1072 5 bytes JMP 0000000110025c00
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bfa2ba 1 byte [62]
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076bfc965 5 bytes JMP 0000000110023ba0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076b0f776 5 bytes JMP 000000011001d270
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076618bff 5 bytes JMP 000000011001b6e0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000766190d3 7 bytes JMP 000000011001c470
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076619679 5 bytes JMP 000000011001b1a0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000766197d2 5 bytes JMP 000000011001ac20
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007661ee09 5 bytes JMP 000000011001c160
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007661efc9 5 bytes JMP 0000000110018140
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766212a5 5 bytes JMP 000000011001bc20
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007662291f 5 bytes JMP 00000001100193d0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SetParent 0000000076622d64 5 bytes JMP 0000000110018980
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076622da4 5 bytes JMP 0000000110017ea0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076623698 5 bytes JMP 0000000110018c20
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076623baa 5 bytes JMP 000000011001bec0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076623c61 5 bytes JMP 000000011001b980
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007662612e 5 bytes JMP 000000011001b440
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076626c30 7 bytes JMP 000000011001c690
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076627603 5 bytes JMP 000000011001c8b0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076627668 5 bytes JMP 000000011001a160
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000766276e0 5 bytes JMP 000000011001a6a0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007662781f 5 bytes JMP 000000011001aee0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007662835c 5 bytes JMP 000000011001cb20
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007662c4b6 5 bytes JMP 0000000110018780
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007663c112 5 bytes JMP 0000000110019eb0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007663d0f5 5 bytes JMP 0000000110019c00
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007663eb96 5 bytes JMP 0000000110019120
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007663ec68 5 bytes JMP 0000000110019680
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendInput 000000007663ff4a 5 bytes JMP 0000000110019930
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076659f1d 5 bytes JMP 0000000110018370
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076661497 5 bytes JMP 0000000110017c90
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!mouse_event 000000007667027b 5 bytes JMP 00000001100297c0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!keybd_event 00000000766702bf 5 bytes JMP 00000001100299d0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076676cfc 5 bytes JMP 000000011001a960
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076676d5d 5 bytes JMP 000000011001a400
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076677dd7 5 bytes JMP 0000000110018580
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000766788eb 5 bytes JMP 0000000110018f00
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769f58b3 5 bytes JMP 0000000110028d10
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000769f5ea6 5 bytes JMP 0000000110029530
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769f7bcc 5 bytes JMP 0000000110029e10
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000769fb895 5 bytes JMP 0000000110028d50
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000769fc332 5 bytes JMP 0000000110029280
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000769fcbfb 5 bytes JMP 0000000110028ae0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000769fe743 5 bytes JMP 0000000110029d10
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076a24646 5 bytes JMP 0000000110028ff0
.text C:\Users\Creasy\Desktop\gmer_2.1.19163.exe[2348] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767d2538 5 bytes JMP 00000001100244d0
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\services.exe [640:3024] 0000000000131de4
Thread C:\Windows\system32\services.exe [640:2272] 0000000000241808
Thread C:\Windows\system32\services.exe [640:2276] 00000000014d49a0
Thread C:\Windows\system32\services.exe [640:2252] 00000000014d4410
Thread C:\Windows\system32\services.exe [640:2248] 00000000014d8ba0
Thread [900:932] 0000000076867587
Thread [900:992] 0000000077122e65
Thread [900:2332] 0000000077123e85
Thread [900:3456] 0000000071026837
Thread [900:3460] 00000000710265c0
Thread [900:3464] 00000000710265c0
Thread [900:3468] 00000000710265c0
Thread [900:3472] 00000000710265c0
Thread [900:3476] 00000000710265c0
Thread [900:3480] 00000000710265c0
Thread [900:3484] 00000000710265c0
Thread [900:3488] 00000000710265c0
Thread [900:3492] 00000000710265c0
Thread [900:3496] 00000000710265c0
Thread [900:3504] 0000000077123e85
Thread [900:1732] 0000000077123e85
Thread [1884:1896] 0000000077123e85
Thread [1884:1900] 0000000076867587
Thread [1884:1904] 000000007262c59c
Thread [1884:1912] 000000007262c59c
Thread [1884:1916] 000000007262c59c
Thread [1884:1920] 000000007262c59c
Thread [1884:1924] 00000000729b32fb
Thread C:\Windows\SysWOW64\svchost.exe [4680:5932] 0000000072ba9080
Thread C:\Windows\SysWOW64\svchost.exe [4680:5432] 0000000072ba8980
Thread C:\Windows\SysWOW64\svchost.exe [4680:5336] 0000000072ba8950
---- Processes - GMER 2.1 ----
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\MyPC Backup\BackupStack.exe [1484] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:41) 000007fefc390000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2084] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:41) 000007fefc390000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe [3108] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:25) 0000000070a10000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [3168] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:25) 0000000070a10000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files\AVAST Software\Avast\AvastUI.exe [4028] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:25) 0000000070a10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4708] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:41) 000007fefc390000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Internet Explorer\iexplore.exe [5000] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:41) 000007fefc390000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4320] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:25) 0000000070a10000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1832] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-06-23 21:26:25) 0000000070a10000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5B 0x30 0x06 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\WinUsb\Parameters\Wdf@TimeOfLastSqmLog 0xC4 0x7E 0x07 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\
Reg HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764 804
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 4
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5B 0x30 0x06 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764 804
---- EOF - GMER 2.1 ----
|
|
| Themen zu Windows 7: Webseiten werden auf andere Seiten umgeleitet. |
| antivirus, diverse, falsche seiten, gelöscht, gen:variant.kazy.258432, java, log, programme, superantispyware, trace.registry.alexa, trace.registry.alexatoolbar, trace.registry.net, trace.registry.trymedia, trojan.generic.9525749, trojan.generic.9594309, trojan.generic.9602417, trojan.generic.is.559211, trojan.sirefef.gy, trojan.sirefef.hk, trojan.sirefef.ys, trojan.win32.zaccess, variant.kazy, webseite, windows, windows 7 |
Linear-Darstellung
