
Log analysis and evaluation: Internet crashes

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

31.03.2014, 10:40   #16
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

31.03.2014, 12:41   #17
ertanal
 



Quote:
Originally posted by schrauber
Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

I did that, it doesn't work because the file is large. I packed it.


01.04.2014, 09:05   #18
schrauber
/// the machine
/// TB trainer
 




Let me quote myself:

Quote:
Please always post logs in the thread. If necessary, split them up and use several posts.
Quote:
I packed it.
Quote:
I can't open attachments at work, thanks.

01.04.2014, 11:06   #19
ertanal
 



Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-30 14:39:51
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003b ST2000DM001-9YN164 rev.HP16 1863,02GB
Running: Gmer-19357.exe; Driver: C:\Users\engin\AppData\Local\Temp\pxloapog.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\windows\System32\drivers\USBPORT.SYS!DllUnload + 1                                                                                                                                                                                                  fffff880053424c1 11 bytes {MOV RAX, 0xfffffa80069bf2a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                 000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                          000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                          000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                               000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                     000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                          000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                   000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                      000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                            000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                          000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                        000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                    000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                         000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                      000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                         000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                              000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                             000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                      000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                   000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                         000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                      000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                       000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                          000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                   000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                      000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                           000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                      000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                      000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                             000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                        000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                     000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                           000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                        000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                           000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                            000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                     000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                    000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                       000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                     000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                 000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                  000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                       000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                       000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                        000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                   000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\System32\smss.exe[376] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                           000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                         000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                         000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                              000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                    000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                         000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                  000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                     000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                           000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                         000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                       000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                   000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                        000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                     000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                        000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                             000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                            000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                     000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                  000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                        000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                     000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                      000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                         000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                  000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                     000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                          000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                     000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                     000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                            000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                       000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                    000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                          000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                       000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                          000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                           000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                    000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                   000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                      000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                    000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                 000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                      000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                      000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                       000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                  000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                          000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\csrss.exe[576] C:\windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                                                                                                                                               000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                              000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                       000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                       000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                            000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                  000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                       000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                   000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                         000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                       000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                     000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                 000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                      000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                   000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                      000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                           000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                          000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                   000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                      000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                   000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                    000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                       000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                   000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                        000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                   000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                   000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                          000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                     000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                  000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                        000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                     000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                        000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                         000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                  000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                 000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                    000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                  000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                              000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                               000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                    000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                    000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                     000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\wininit.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                        000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\wininit.exe[684] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                             000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\services.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\services.exe[772] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\lsass.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\lsass.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                         000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\lsass.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                         000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\lsass.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                              000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\lsass.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                    000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\lsass.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                         000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\lsass.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                  000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
Part 1

01.04.2014, 11:09   #20
ertanal

Internet crashes

Code:
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                         000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                          000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                   000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                  000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                     000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                   000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                               000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                     000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                     000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                      000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                 000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                         000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\nvvsvc.exe[948] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                              000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[1016] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[1016] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                              000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                       000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                       000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                            000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                  000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                       000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                   000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                         000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                       000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                     000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                 000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                      000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                   000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                      000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                           000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                          000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                   000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                      000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                   000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                    000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                       000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                   000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                        000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                   000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                   000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                          000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                     000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                  000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                        000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                     000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                        000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                         000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                  000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                 000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                    000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                  000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                              000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                               000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                    000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                    000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                     000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                        000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\System32\svchost.exe[496] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                             000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                              000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                       000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                       000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                            000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                  000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                       000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                   000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                         000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                       000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                     000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                 000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                      000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                   000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                      000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                           000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                          000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                   000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                      000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                   000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                    000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                       000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                   000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                        000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                   000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                   000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                          000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                     000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                  000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                        000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                     000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                        000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                         000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                  000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                 000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                    000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                  000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                              000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                               000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                    000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                    000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                     000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[544] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                        000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[544] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                             000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[500] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                             000007fd6c23f7eb 1 byte [62]
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\System32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\System32\svchost.exe[1104] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                       000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                     000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                           000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                         000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                            000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                  000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                              000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                          000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                               000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                            000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                               000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                    000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                   000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                            000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                         000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                               000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                            000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                             000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                         000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                            000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                 000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                            000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                            000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                   000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                              000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                           000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                 000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                              000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                 000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                  000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                           000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                          000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                             000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                           000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                       000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                        000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                             000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                             000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                              000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                         000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                 000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1164] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                      000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[1336] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread
         
Part 2


01.04.2014, 11:10   #21
ertanal
 



Code:
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\System32\spoolsv.exe[1952] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[1996] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[1996] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[1456] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[1456] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                  000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                           000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                           000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                      000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                           000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                    000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                       000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                             000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                           000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                         000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                     000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                          000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                       000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                          000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                               000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                              000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                       000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                    000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                          000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                       000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                        000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                           000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                    000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                       000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                            000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                       000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                       000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                              000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                         000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                      000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                            000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                         000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                            000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                             000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                      000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                     000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                        000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                      000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                  000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                   000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                        000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                        000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                         000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                    000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                            000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2092] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                 000007fd6c23f7eb 1 byte [62]
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                           000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                    000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                    000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                         000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                               000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                    000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                             000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                      000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                    000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                  000007fd6ee43080 1 byte JMP 000007fdef010310
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                              000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                   000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                   000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                        000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                       000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                             000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                   000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                 000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                    000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                             000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                     000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                       000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                  000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                               000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                     000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                  000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                     000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                      000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                               000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                              000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                 000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                               000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                           000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                            000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                 000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                 000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                  000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                             000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                     000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    c:\Program Files\Intel\iCLS Client\HeciServer.exe[2164] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                          000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl
         
Part 3

01.04.2014, 11:11   #22
ertanal
 

Code:
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2452] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[2896] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[2896] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[3396] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[3396] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\svchost.exe[4064] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\svchost.exe[4064] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                       000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                     000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                           000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                         000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                            000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                  000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                              000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                          000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                               000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                            000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                               000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                    000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                   000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                            000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                         000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                               000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                            000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                             000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                         000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                            000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                 000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                            000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                            000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                   000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                              000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                           000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                 000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                              000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                 000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                  000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                           000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                          000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                             000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                           000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                       000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                        000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                             000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                             000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                              000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                         000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                 000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\SearchIndexer.exe[4264] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                      000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                   000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                            000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                            000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                 000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                       000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                            000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                     000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                        000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                              000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                            000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                          000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                      000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                           000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                        000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                           000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                               000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                        000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                     000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                           000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                        000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                         000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                            000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                     000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                        000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                             000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                        000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                        000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                               000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                          000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                       000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                             000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                          000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                             000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                              000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                       000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                      000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                         000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                       000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                   000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                    000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                         000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                         000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                          000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                     000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                             000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\Program Files\iPod\bin\iPodService.exe[3860] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                  000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                         000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                         000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                              000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                    000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                         000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                  000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                     000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                           000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                         000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                       000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                   000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                        000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                     000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                        000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                             000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                            000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                     000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                  000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                        000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                     000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                      000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                         000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                  000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                     000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                          000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                     000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                     000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                            000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                       000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                    000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                          000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                       000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                          000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                           000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                    000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                   000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                      000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                    000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                 000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                      000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                      000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                       000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                  000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                          000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                                                               000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                                                                                        000007fd6c62177a 4 bytes [62, 6C, FD, 07]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1472] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                                                                                        000007fd6c621782 4 bytes [62, 6C, FD, 07]
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                     000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                              000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                              000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                   000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                         000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                              000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                       000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                          000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                              000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                            000007fd6ee43080 1 byte JMP 000007fdef010310
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                        000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                             000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                          000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                             000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                  000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                 000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                          000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                       000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                             000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                          000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                           000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                              000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                       000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                          000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                               000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                          000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                          000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                 000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                            000007fd6ee43c11 5 bytes JMP 000007fdef010300
         
Part 4

01.04.2014, 11:13   #23
ertanal

Internet crashes

Code:
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                         000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                               000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                            000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                               000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                         000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                        000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                           000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                         000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                     000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                      000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                           000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                           000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                            000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                       000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                               000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                                                    000007fd6c23f7eb 1 byte [62]
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                                                                             000007fd6c62177a 4 bytes [62, 6C, FD, 07]
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[2160] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                                                                             000007fd6c621782 4 bytes [62, 6C, FD, 07]
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\dashost.exe[5296] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\dashost.exe[5296] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                            000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                     000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                     000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                          000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                     000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                              000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                 000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                       000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                     000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                   000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                               000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                    000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                 000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                    000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                         000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                        000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                 000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                              000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                    000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                 000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                  000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                     000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                              000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                 000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                      000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                 000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                 000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                        000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                   000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                      000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                   000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                      000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                       000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                               000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                  000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                            000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                             000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                  000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                  000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                   000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                              000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                      000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\system32\taskhost.exe[1600] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                           000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\csrss.exe[5976] C:\windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                                                                                                                                              000007fd6c23f7eb 1 byte [62]
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                            000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                     000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                     000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                          000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                     000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                              000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                 000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                       000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                     000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                   000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                               000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                    000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                 000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                    000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                         000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                        000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                 000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                              000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                    000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                 000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                  000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                     000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                              000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                 000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                      000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                 000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                 000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                        000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                   000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                      000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                   000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                      000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                       000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                               000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                  000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                            000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                             000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                  000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                  000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                   000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                              000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                      000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\System32\WinLogon.exe[2792] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                           000007fd6c23f7eb 1 byte [62]
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                 000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                          000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                          000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                               000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                     000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                          000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                   000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                      000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                            000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                          000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                        000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                                    000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                         000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                      000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                         000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                              000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                             000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                      000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                   000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                         000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                      000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                       000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                          000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                   000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                      000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                           000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                      000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                      000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                             000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                        000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                     000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                           000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                        000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                           000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                            000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                     000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                    000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                       000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                     000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                 000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                  000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                       000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                       000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                        000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                   000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\System32\dwm.exe[5624] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                           000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\System32\dwm.exe[5624] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                                000007fd6c23f7eb 1 byte [62]
.text    C:\windows\System32\dwm.exe[5624] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                                                         000007fd6c62177a 4 bytes [62, 6C, FD, 07]
.text    C:\windows\System32\dwm.exe[5624] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                                                         000007fd6c621782 4 bytes [62, 6C, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3200] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                   000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3200] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                                      000007fd699d1532 4 bytes [9D, 69, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3200] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                                      000007fd699d153a 4 bytes [9D, 69, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3200] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                    000007fd699d165a 4 bytes [9D, 69, FD, 07]
.text    C:\windows\system32\nvvsvc.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                               000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\system32\nvvsvc.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                        000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\system32\nvvsvc.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                        000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\system32\nvvsvc.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                             000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\system32\nvvsvc.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                   000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
         
Part 5

01.04.2014, 11:17   #24
ertanal
 
Internet crashes



Code:
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                 000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                          000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                             000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                   000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                 000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                               000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                                           000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                             000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                     000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                    000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                             000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                          000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                             000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                              000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                 000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                          000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                             000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                  000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                             000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                             000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                    000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                               000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                            000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                  000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                               000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                  000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                   000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                            000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                           000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                              000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                            000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                        000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                         000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                              000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                              000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                               000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                          000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                  000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\Program Files\IDT\WDM\Beats64.exe[5828] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                       000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\IDT\WDM\sttray64.exe[3192] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                      000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                  000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                           000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                           000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                      000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                           000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                    000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                       000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                             000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                           000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                         000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                                     000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                          000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                       000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                          000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                               000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                              000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                       000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                    000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                          000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                       000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                        000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                           000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                    000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                       000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                            000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                       000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                       000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                              000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                         000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                      000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                            000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                         000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                            000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                             000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                      000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                     000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                        000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                      000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                  000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                   000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                        000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                        000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                         000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                    000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                            000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                 000007fd6c23f7eb 1 byte [62]
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                                    000007fd699d1532 4 bytes [9D, 69, FD, 07]
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                                    000007fd699d153a 4 bytes [9D, 69, FD, 07]
.text    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[44] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                  000007fd699d165a 4 bytes [9D, 69, FD, 07]
.text    C:\Program Files\WR-Tools\GpuTemp\GpuTmp64.exe[524] C:\windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                              000007fd6c23f7eb 1 byte [62]
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                        000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                 000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                 000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                      000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                            000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                 000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                          000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                             000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                   000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                 000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                               000007fd6ee43080 1 byte JMP 000007fdef010310
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                           000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                             000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                     000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                    000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                             000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                          000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                             000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                              000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                 000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                          000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                             000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                  000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                             000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                             000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                    000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                               000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                            000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                  000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                               000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                  000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                   000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                            000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                           000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                              000007fd6ee44231 5 bytes JMP 000007fdef010270
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                            000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                        000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                         000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                              000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                              000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                               000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                          000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                  000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                                                       000007fd6c23f7eb 1 byte [62]
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                                                                                000007fd6c62177a 4 bytes [62, 6C, FD, 07]
.text    c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[1228] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                                                                                000007fd6c621782 4 bytes [62, 6C, FD, 07]
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                     000007fd6ee42c90 5 bytes JMP 000007fdef010460
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                              000007fd6ee42ce0 5 bytes JMP 000007fdef010450
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                              000007fd6ee42e40 5 bytes JMP 000007fdef010370
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                   000007fd6ee42e90 5 bytes JMP 000007fdef010470
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                         000007fd6ee42ea0 5 bytes JMP 000007fdef0103e0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                              000007fd6ee42f50 5 bytes JMP 000007fdef010320
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                       000007fd6ee42f80 5 bytes JMP 000007fdef0103b0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                          000007fd6ee42fa0 5 bytes JMP 000007fdef010390
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                000007fd6ee42fe0 5 bytes JMP 000007fdef0102e0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                              000007fd6ee43060 5 bytes JMP 000007fdef0102d0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                            000007fd6ee43080 1 byte JMP 000007fdef010310
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 2                                                                                                                        000007fd6ee43082 3 bytes {JMP 0xffffffff801cd290}
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                             000007fd6ee430c0 5 bytes JMP 000007fdef0103c0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                          000007fd6ee43110 5 bytes JMP 000007fdef0103f0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                             000007fd6ee43281 5 bytes JMP 000007fdef010230
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                  000007fd6ee43471 5 bytes JMP 000007fdef010480
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                 000007fd6ee434a1 5 bytes JMP 000007fdef0103a0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                          000007fd6ee435b1 5 bytes JMP 000007fdef0102f0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                       000007fd6ee435d1 5 bytes JMP 000007fdef010350
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                             000007fd6ee43641 5 bytes JMP 000007fdef010290
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                          000007fd6ee436d1 5 bytes JMP 000007fdef0102b0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                           000007fd6ee436f1 5 bytes JMP 000007fdef0103d0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                              000007fd6ee43701 5 bytes JMP 000007fdef010330
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                       000007fd6ee437a1 5 bytes JMP 000007fdef010410
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                          000007fd6ee437d1 5 bytes JMP 000007fdef010240
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                               000007fd6ee43ae1 5 bytes JMP 000007fdef0101e0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                          000007fd6ee43ba1 5 bytes JMP 000007fdef010250
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                          000007fd6ee43bd1 5 bytes JMP 000007fdef010490
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                 000007fd6ee43be1 5 bytes JMP 000007fdef0104a0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                            000007fd6ee43c11 5 bytes JMP 000007fdef010300
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                         000007fd6ee43c21 5 bytes JMP 000007fdef010360
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                               000007fd6ee43c81 5 bytes JMP 000007fdef0102a0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                            000007fd6ee43cd1 5 bytes JMP 000007fdef0102c0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                               000007fd6ee43d01 5 bytes JMP 000007fdef010380
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                000007fd6ee43d11 5 bytes JMP 000007fdef010340
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                         000007fd6ee44021 5 bytes JMP 000007fdef010440
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                        000007fd6ee44221 5 bytes JMP 000007fdef010260
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                           000007fd6ee44231 5 bytes JMP 000007fdef010270
         
Part 6

Code:
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                         000007fd6ee44251 5 bytes JMP 000007fdef010400
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                     000007fd6ee44431 5 bytes JMP 000007fdef0101f0
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                      000007fd6ee44441 5 bytes JMP 000007fdef010210
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                           000007fd6ee444b1 5 bytes JMP 000007fdef010200
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                           000007fd6ee44521 5 bytes JMP 000007fdef010420
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                            000007fd6ee44531 5 bytes JMP 000007fdef010430
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                       000007fd6ee44541 5 bytes JMP 000007fdef010220
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                               000007fd6ee44651 5 bytes JMP 000007fdef010280
.text    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6080] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                                                                    000007fd6c23f7eb 1 byte [62]
.text    C:\windows\system32\AUDIODG.EXE[3244] C:\windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                                                                                                            000007fd6c23f7eb 1 byte [62]

---- Devices - GMER 2.1 ----

Device   \Driver\VClone \Device\Scsi\VClone1                                                                                                                                                                                                                    fffffa800693e2c0
Device   \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                                 fffffa80068a32c0
Device   \FileSystem\fastfat \Fat                                                                                                                                                                                                                               fffffa80069342c0
Device   \Driver\USBSTOR \Device\00000058                                                                                                                                                                                                                       fffffa80069362c0
Device   \Driver\usbehci \Device\USBPDO-1                                                                                                                                                                                                                       fffffa80069c12c0
Device   \Driver\storahci \Device\RaidPort0                                                                                                                                                                                                                     fffffa80068a52c0
Device   \Driver\cdrom \Device\CdRom0                                                                                                                                                                                                                           fffffa800689d2c0
Device   \Driver\storahci \Device\0000003b                                                                                                                                                                                                                      fffffa80068a52c0
Device   \Driver\USBSTOR \Device\00000055                                                                                                                                                                                                                       fffffa80069362c0
Device   \Driver\usbehci \Device\USBPDO-2                                                                                                                                                                                                                       fffffa80069c12c0
Device   \Driver\usbehci \Device\USBFDO-0                                                                                                                                                                                                                       fffffa80069c12c0
Device   \Driver\storahci \Device\0000003c                                                                                                                                                                                                                      fffffa80068a52c0
Device   \Driver\NetBT \Device\NetBT_Tcpip_{8FDBB051-95BF-412F-933F-373BC2F0A315}                                                                                                                                                                               fffffa800689b2c0
Device   \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                                                                                fffffa800689b2c0
Device   \Driver\usbehci \Device\USBFDO-2                                                                                                                                                                                                                       fffffa80069c12c0
Device   \Driver\storahci \Device\ScsiPort0                                                                                                                                                                                                                     fffffa80068a52c0
Device   \Driver\VClone \Device\ScsiPort1                                                                                                                                                                                                                       fffffa800693e2c0

---- Trace I/O - GMER 2.1 ----

Trace    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80068a52c0]<< sptd.sys storport.sys hal.dll storahci.sys                                                                                                                                fffffa80068a52c0
Trace    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077cf060]                                                                                                                                                                                        fffffa80077cf060
Trace    3 CLASSPNP.SYS[fffff88001b08e0a] -> nt!IofCallDriver -> [0xfffffa8007348c10]                                                                                                                                                                           fffffa8007348c10
Trace    5 ACPI.sys[fffff8800117fa91] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa8007346060]                                                                                                                                                               fffffa8007346060
Trace    \Driver\storahci[0xfffffa8007349060] -> IRP_MJ_CREATE -> 0xfffffa80068a52c0                                                                                                                                                                            fffffa80068a52c0

---- Threads - GMER 2.1 ----

Thread   C:\windows\system32\csrss.exe [5976:5148]                                                                                                                                                                                                              fffff960007c15e8
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:3004]                                                                                                                                                                                                              00000000004a3598
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:2648]                                                                                                                                                                                                              0000000062adb070
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:3668]                                                                                                                                                                                                              00000000737d0fd0
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:5952]                                                                                                                                                                                                              000000000040d250
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:4100]                                                                                                                                                                                                              000000000040d310
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:2616]                                                                                                                                                                                                              000000000040dc50
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:2268]                                                                                                                                                                                                              000000000040dc50
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:2532]                                                                                                                                                                                                              000000000040dc50
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:4984]                                                                                                                                                                                                              000000000031b220
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:4552]                                                                                                                                                                                                              00000000003281e0
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:2124]                                                                                                                                                                                                              0000000062d76750
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:1252]                                                                                                                                                                                                              0000000062d76750
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:5288]                                                                                                                                                                                                              0000000062d76750
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:5984]                                                                                                                                                                                                              0000000062d76750
Thread   C:\windows\SYSTEM32\ntdll.dll [6048:384]                                                                                                                                                                                                               0000000062d76750
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\CSharpDapsters.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                000000006f700000
Library  C:\ProgramData\Speedbit\DAP\Plugins\516CA5E4-8DA8-4cdd-AAB6-739C7D587C24\1.0.0.6_0\Converter.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                     00000000655d0000
Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                   000000000a9c0000
Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\DapsterTools.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                  000000000ab70000
Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                 000000000e2e0000
Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                    000000000e440000
Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                      000000000e300000
Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                     000000000e3d0000
Library  C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\Ionic.Zip.dll (*** suspicious ***) @ C:\Program Files (x86)\DAP\DAP.exe [5056] (FILE NOT FOUND)                                                                     000000000e710000
Library  C:\Users\engin\AppData\Local\assembly\dl3\3443HKZP.VRV\9KXET9KP.AY0\5ee6ae4a\00bdb15a_cd85cd01\HPSeeker.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [1228] (FILE NOT FOUND)        000000001b960000
Library  C:\Users\engin\AppData\Local\assembly\dl3\3443HKZP.VRV\9KXET9KP.AY0\6c2e9fe9\00bdb15a_cd85cd01\HPSwitchBoard.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [1228] (FILE NOT FOUND)   000000001ba10000
Library  C:\Users\engin\AppData\Local\assembly\dl3\3443HKZP.VRV\9KXET9KP.AY0\3e16f603\0017145d_cd85cd01\HPItunesModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [1228] (FILE NOT FOUND)  000000001bb70000
Library  C:\Users\engin\AppData\Local\assembly\dl3\3443HKZP.VRV\9KXET9KP.AY0\fc9048d5\00eae25b_cd85cd01\HPWMCModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [1228] (FILE NOT FOUND)     000000001bce0000
Library  C:\Users\engin\AppData\Local\assembly\dl3\3443HKZP.VRV\9KXET9KP.AY0\fd7aac6d\00bdb15a_cd85cd01\HPWMPModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [1228] (FILE NOT FOUND)     000000001bdc0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
Part 7

02.04.2014, 08:52   #25
schrauber
/// the machine
/// TB trainer

OK, we need to check this more deeply.

Please download Emsisoft MBR Master and save it to the desktop.
  • Run mbrmastr.exe.
  • Click Backup MBR and save it as emsi on the desktop.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.


Please also have emsi.zip scanned at www.virustotal.com and post the link to the result here. How many of the 50 scanners flagged it?

02.04.2014, 10:46   #26
ertanal

Quote:
Quote from schrauber
OK, we need to check this more deeply.

Please download Emsisoft MBR Master and save it to the desktop.
  • Run mbrmastr.exe.
  • Click Backup MBR and save it as emsi on the desktop.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.


Please also have emsi.zip scanned at www.virustotal.com and post the link to the result here. How many of the 50 scanners flagged it?
Code:
Detected Windows version: 6.2 Build 9200 
Driver connection handle: 0x00000154
1 valid drive(s) found.

Details for Disk 0 - ST2000DM001-9YN164 Rev HP16:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 243201/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    MD5                    : 5FB38429D5D77768867C76DCBDB35194
         


Edit: I had the file scanned at VirusTotal; 51 scanners found nothing. I could not post the link to it. Could you please tell me how a link is created and then posted?

Last edited by ertanal (02.04.2014 at 11:05)
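The two checks that report names, "Partition table integrity" and "Boot loader hashes", can be reproduced offline on a saved MBR sector. The Python below is an added example, not part of the thread and not Emsisoft's code; the sample sector is constructed, and it assumes the classic 512-byte MBR layout and that the hash covers the first 440 bytes (the page does not say which bytes MBR Master hashes or what its integrity check covers).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: bytes 0..439 are the boot loader code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"  # status, CHS first, type, CHS last, LBA start, sector count
# Disk size derived from the geometry in the report above (C/H/S 243201/255/63).
DISK_SECTORS = 243201 * 255 * 63

# Constructed sample layout: (status, type, LBA start, sector count)
SAMPLE_ENTRIES = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]


def build_sample_mbr(entries):
    """Build a constructed MBR sector; the boot code bytes are placeholders."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:BOOT_CODE_LEN] = bytes(i % 251 for i in range(BOOT_CODE_LEN))
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty primary partition entries as dicts."""
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": i, "status": status, "type": ptype,
                      "start": start, "count": count})
    return parts


def check_partition_table(mbr, disk_sectors=DISK_SECTORS):
    """Return a list of integrity findings; an empty list means none found."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte")
        if p["start"] == 0:
            findings.append(f"slot {p['slot']}: starts on the MBR sector")
        if p["start"] + p["count"] > disk_sectors:
            findings.append(f"slot {p['slot']}: extends past end of disk")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def boot_code_hashes(mbr):
    """Hash only the code area so partition changes do not alter the result."""
    code = mbr[:BOOT_CODE_LEN]
    return {"SHA-1": hashlib.sha1(code).hexdigest().upper(),
            "MD5": hashlib.md5(code).hexdigest().upper()}


def compare_to_baseline(mbr, baseline):
    """Return the names of hashes that differ from a known-good record."""
    current = boot_code_hashes(mbr)
    return [name for name in current if current[name] != baseline.get(name)]


if __name__ == "__main__":
    sector = build_sample_mbr(SAMPLE_ENTRIES)
    for name, value in boot_code_hashes(sector).items():
        print(f"{name:6}: {value}")
    print("Findings:", check_partition_table(sector) or "none")
```

A hash is only useful against a baseline recorded while the machine was known to be clean, or against a published hash of the stock boot code for that Windows version.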

02.04.2014, 11:14   #27
ertanal

https://www.virustotal.com/de/file/edd80e1ad29ca31b86d8840d419445a74741369bed16556b5674d593fbc83a0f/analysis/1396432055/

Last edited by ertanal (02.04.2014 at 12:12)

03.04.2014, 08:25   #28
schrauber
/// the machine
/// TB trainer

Yep, all clean

03.04.2014, 11:24   #29
ertanal

Quote:
Quote from schrauber
Yep, all clean
Do I still need to scan with other programs, or can I assume that everything is clean?

Edit: But I haven't even been able to send the link properly yet?

04.04.2014, 09:25   #30
schrauber
/// the machine
/// TB trainer

Quote:
Quote from ertanal
Do I still need to scan with other programs, or can I assume that everything is clean?
Quote:
Quote from schrauber
Yep, all clean
Is something about my German unclear?

Quote:
Edit: But I haven't even been able to send the link properly yet?
The one to VirusTotal? I am soooo good that I can copy it and paste it into the browser, no kidding