Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Log-Analyse und Auswertung: Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 13.10.2014, 14:16   #1
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Hi,

seit etwa 2 Wochen läuft immer mal wieder für wenige Minuten ein Audiostream (Werbung, Radio, Wetter etc...) auf meinem PC. Es passiert immer nur, wenn ich surfe (Browser ist Google Chrome), allerdings läuft der Stream weiter, auch wenn der Browser geschlossen ist.

Habe schon mehrmals mit Comodo Internet Security (Produktveresion 5.10.228257.2253, Version der Virensignaturen 19785) und mit HitmanPro 3.7.9 erfolglos gescannt.

Zu den Logdateien: habe ich erstellt mit Ausnahme von Defrogger. Ich verstehe nicht ganz was es bedeuter "Laufwerksemulationen abzuschalten". Derzeit sitze ich an meiner Masterarbeit und verwende hierfür SPSS von IBM als Gruppenlizenz meiner Uni. Ich habe Angst, dass was auch immer da abgeschaltet wird den VP-Tunnel "kaputt" macht oder die Iso-Datei des Programmes oder ähnliches.

Außerdem weiß ich nicht, wie ich an die Log-Datei des Comodo Scans komme. Wurde aber wie bei Hitman nichts gemeldet.

Herzlichen Dank für die Hilfe!

Alt 13.10.2014, 14:23   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 13.10.2014, 14:40   #3
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Gotfried III at 2014-10-13 09:54:04
Running from C:\Users\Gotfried III\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {458BB331-2324-0753-3D5F-1472EB102AC0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.80 - Atheros Communications)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 15.0 - COMODO)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}) (Version: 5.1.1 - Hewlett-Packard)
GeekBuddy (HKLM-x32\...\{87A5B227-81F8-4E51-86CA-39E89CB33B16}) (Version: 4.18.121 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{DF37555F-0259-43DA-B60C-47106FA14AA3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.1 - IBM Corp)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 3 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217003FF}) (Version: 7.0.30 - Oracle)
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.35 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.41 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Peggle Nights Deluxe 1.0.3.5802 (HKLM-x32\...\Peggle Nights Deluxe 1.0.3.5802) (Version: 1.0.3.5802 - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM-x32\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.02.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.21.0 - Synaptics Incorporated)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3104589397-1215782355-273072457-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

25-08-2014 12:47:25 Prüfpunkt von HitmanPro
25-08-2014 13:18:37 Removed Trainer Buchhaltung
25-08-2014 13:23:34 Removed HP On Screen Display
03-09-2014 22:26:35 Windows Update
10-09-2014 09:07:58 Windows Update
05-10-2014 10:34:04 Removed IBM SPSS Statistics 19.
05-10-2014 11:52:15 Installed IBM SPSS Statistics 22.
05-10-2014 12:12:59 Installed IBM SPSS Statistics 22.0.0.1 Patch.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {084AED5D-3248-4D05-B3A8-D4E521C91C35} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {0E62ECA6-6924-450A-9225-709912662E7A} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {70F19893-0170-42B9-9266-751E388D33B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {7CC3FD65-CC14-4AE2-BD5F-9EA8D57D6DA1} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {8FFEAA8F-6FB3-49CA-A0D9-FE573B3A0125} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {BB3FACC6-0BB5-4CF7-8746-B8F80FE0C10E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {C57D7490-1548-4E5A-8003-FD5F27AFFAC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {EA8D32F2-D35A-4E09-8082-7C44792A38A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-19 19:59 - 2011-12-19 19:59 - 00071496 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-10-02 20:45 - 2012-10-02 20:45 - 00120728 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
2011-06-27 10:16 - 2011-06-27 10:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-02 20:41 - 2012-10-02 20:41 - 00694168 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2012-09-26 23:57 - 2012-09-26 23:57 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-10-13 08:35 - 2014-10-13 08:35 - 00043008 _____ () c:\Users\Gotfried III\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslispg.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00976080 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtNetwork4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 02254544 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtCore4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 08024784 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtGui4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 01299664 _____ () C:\Program Files (x86)\Comodo\GeekBuddy\QtScript4.dll
2014-09-17 23:03 - 2014-09-17 23:03 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9d1b7fd98fc2ebea8f9e3dd5b726d7a9\IsdiInterop.ni.dll
2012-09-19 20:08 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-10-08 09:11 - 2014-10-01 07:54 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-08 09:11 - 2014-10-01 07:54 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-08 09:11 - 2014-10-01 07:54 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-08 09:11 - 2014-10-01 07:54 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3104589397-1215782355-273072457-500 - Administrator - Disabled)
Gast (S-1-5-21-3104589397-1215782355-273072457-501 - Limited - Disabled)
Gotfried III (S-1-5-21-3104589397-1215782355-273072457-1000 - Administrator - Enabled) => C:\Users\Gotfried III

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2014 10:18:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.4518.1014, Zeitstempel: 0x45428028
Name des fehlerhaften Moduls: mso.dll, Version: 12.0.4518.1014, Zeitstempel: 0x4542867b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x008f4f36
ID des fehlerhaften Prozesses: 0xbec
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (10/05/2014 02:04:50 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2014 02:04:50 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2014 02:04:50 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2014 02:04:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/05/2014 02:04:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2014 02:04:48 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/05/2014 02:04:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2014 02:04:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2014 02:04:48 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (10/13/2014 08:34:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/10/2014 08:16:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/09/2014 06:19:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/09/2014 11:05:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (10/09/2014 08:14:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/08/2014 05:39:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/08/2014 08:42:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/06/2014 05:36:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/05/2014 02:20:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (10/05/2014 02:04:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (10/10/2014 10:18:12 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/26/2012 10:28:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2660 seconds with 1800 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 50%
Total physical RAM: 3947.86 MB
Available physical RAM: 1958.95 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5440.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.59 GB) (Free:389.8 GB) NTFS
Drive d: () (Fixed) (Total:14.87 GB) (Free:14.74 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4F1C5FDC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Gotfried III (administrator) on GOTFRIEDIII-PC on 13-10-2014 09:52:03
Running from C:\Users\Gotfried III\Downloads
Loaded Profile: Gotfried III (Available profiles: Gotfried III)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2821416 2011-08-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-05-09] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-05-09] (Atheros Commnucations)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9569096 2012-03-11] (COMODO)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3104589397-1215782355-273072457-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3104589397-1215782355-273072457-1000\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2051 2013-06-23] ()
HKU\S-1-5-21-3104589397-1215782355-273072457-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3104589397-1215782355-273072457-1000\...\MountPoints2: {e8c1889b-93fb-11e2-9192-74de2ba87cea} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-3104589397-1215782355-273072457-1000\...\MountPoints2: {f7753444-20e1-11e2-b7d2-74de2ba81ff2} - G:\MotoCastSetup.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-23] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [389840 2012-03-11] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301224 2012-03-11] (COMODO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2050 J510 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={E2FBCCD4-018D-4CF3-81C6-8A5A8E619738}&mid=f8a3c197347d47d099c27ceb9e0d2bf9-e9b4920b64c5d82915451d157c85cc3207bb7966&lang=de&ds=pd011&pr=sa&d=2012-09-19 16:31:36&v=12.1.0.20&sap=hp
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={E2FBCCD4-018D-4CF3-81C6-8A5A8E619738}&mid=f8a3c197347d47d099c27ceb9e0d2bf9-e9b4920b64c5d82915451d157c85cc3207bb7966&lang=de&ds=pd011&pr=sa&d=2012-09-19 16:31:36&v=12.1.0.20&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={E2FBCCD4-018D-4CF3-81C6-8A5A8E619738}&mid=f8a3c197347d47d099c27ceb9e0d2bf9-e9b4920b64c5d82915451d157c85cc3207bb7966&lang=de&ds=pd011&pr=sa&d=2012-09-19 16:31:36&v=12.1.0.20&sap=dsp&q={searchTerms}
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{69E1BA0D-5AC8-49B0-8907-5B7A706D01BF}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{85329B0F-82C4-4F76-9E86-D24D38BC5A2E}: [NameServer] 192.168.1.1,156.154.70.22

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 -> C:\Windows\system32\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> https://isearch.avg.com/?cid={E2FBCCD4-018D-4CF3-81C6-8A5A8E619738}&mid=f8a3c197347d47d099c27ceb9e0d2bf9-e9b4920b64c5d82915451d157c85cc3207bb7966&lang=de&ds=pd011&pr=sa&d=2012-09-19%2016:31:36&v=12.1.0.20&sap=hp
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Profile: C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Forge of Empires) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2013-04-06]
CHR Extension: (Google Docs) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-06]
CHR Extension: (Google Drive) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-06]
CHR Extension: (Mortimer Beckett and the Time Paradox) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckkdghodlknfakdfbappfjhbhdflehlo [2013-04-05]
CHR Extension: (Google-Suche) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-06]
CHR Extension: (AdBlock) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Citavi Picker) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-06-04]
CHR Extension: (Google Mail) - C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-06]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-09] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [80032 2011-05-09] (Atheros Commnucations) [File not signed]
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2815496 2012-03-11] (COMODO)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-06] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22696 2012-03-11] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [577824 2012-03-11] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43248 2012-03-11] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [93200 2012-02-03] (COMODO)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 09:52 - 2014-10-13 09:53 - 00016902 _____ () C:\Users\Gotfried III\Downloads\FRST.txt
2014-10-13 09:51 - 2014-10-13 09:52 - 00000000 ____D () C:\FRST
2014-10-13 09:50 - 2014-10-13 09:51 - 02110464 _____ (Farbar) C:\Users\Gotfried III\Downloads\FRST64.exe
2014-10-10 11:19 - 2014-10-10 11:19 - 00050477 _____ () C:\Users\Gotfried III\Downloads\Defogger.exe
2014-10-05 14:49 - 2014-10-05 14:49 - 00000000 ____D () C:\Users\Gotfried III\Documents\IBM
2014-10-05 14:03 - 2014-10-13 08:34 - 00000728 _____ () C:\Windows\setupact.log
2014-10-05 14:03 - 2014-10-05 14:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-05 13:57 - 2014-10-05 13:57 - 00000000 ____D () C:\Users\Gotfried III\AppData\Local\IBM
2014-10-05 13:56 - 2014-10-05 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2014-10-05 13:11 - 2014-10-05 13:13 - 00000000 ____D () C:\Program Files\SPSS 22 Win + Amos
2014-10-05 12:41 - 2014-10-05 12:48 - 270640592 _____ (IBM Corp) C:\Users\Gotfried III\Downloads\22.0-IM-S22STATC-WIN64-FP001.exe
2014-10-05 12:41 - 2014-10-05 12:48 - 264937320 _____ (IBM Corp) C:\Users\Gotfried III\Downloads\22.0-IM-S22STATC-WIN32-FP001.exe
2014-10-05 12:39 - 2014-10-05 13:09 - 2091601920 _____ () C:\Users\Gotfried III\Downloads\SPSS 22 Win + Amos.iso
2014-10-05 12:17 - 2014-10-05 12:17 - 00002043 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 09:53 - 2012-09-19 18:43 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-10-13 09:49 - 2013-01-11 23:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 09:48 - 2013-01-16 15:33 - 00000000 ____D () C:\Users\Gotfried III\AppData\Roaming\Skype
2014-10-13 09:43 - 2012-09-18 18:40 - 01955696 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 09:07 - 2013-02-06 10:59 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 08:45 - 2009-07-14 06:45 - 00015264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 08:45 - 2009-07-14 06:45 - 00015264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 08:36 - 2013-02-06 14:37 - 00000000 ___RD () C:\Users\Gotfried III\Dropbox
2014-10-13 08:36 - 2013-02-06 14:32 - 00000000 ____D () C:\Users\Gotfried III\AppData\Roaming\Dropbox
2014-10-13 08:35 - 2013-06-23 18:09 - 00000000 ____D () C:\Temp
2014-10-13 08:35 - 2013-02-06 10:59 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 08:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 11:23 - 2012-10-20 15:14 - 00000000 ____D () C:\Users\Gotfried III\Documents\Uni
2014-10-08 09:12 - 2013-02-06 10:59 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-08 09:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-05 14:36 - 2013-01-03 23:04 - 00000000 ____D () C:\Users\Gotfried III\AppData\Local\javasharedresources
2014-10-05 14:13 - 2013-01-03 22:56 - 00000219 _____ () C:\Windows\SysWOW64\lsprst7.tgz
2014-10-05 14:13 - 2013-01-03 22:56 - 00000205 _____ () C:\Windows\SysWOW64\lsprst7.dll
2014-10-05 14:13 - 2013-01-03 22:56 - 00000016 ____H () C:\Windows\SysWOW64\servdat.slm
2014-10-05 14:06 - 2012-09-19 20:19 - 00067872 _____ () C:\Users\Gotfried III\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-05 14:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-05 14:03 - 2009-07-14 06:45 - 00300336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-05 12:17 - 2013-01-03 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-09-19 23:08 - 2013-02-06 14:37 - 00001219 _____ () C:\Users\Gotfried III\Desktop\Dropbox.lnk
2014-09-19 23:07 - 2013-02-06 14:33 - 00000000 ____D () C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Gotfried III\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslispg.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 10:05

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

GMER Teil 1
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-13 10:19:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0005 465,76GB
Running: 2tdj0y06.exe; Driver: C:\Users\GOTFRI~1\AppData\Local\Temp\uwdyypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f5000 8 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 537 fffff800031f5009 36 bytes [87, 39, 04, 80, FA, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771e1360 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771e1560 8 bytes JMP 000000016fff0110
.text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771e1b00 8 bytes JMP 000000016fff0148
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000771e16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771e17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000771e19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771e1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771e2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771e2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000771e16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771e17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000771e19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771e1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771e2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771e2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\lsass.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefea022cc 5 bytes JMP 000007fffcee0260
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!BitBlt 000007fefea024c0 5 bytes JMP 000007fffcee0298
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefea08398 9 bytes JMP 000007fffcee01f0
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!GetPixel 000007fefea09344 5 bytes JMP 000007fffcee0228
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefecca6f0 1 byte JMP 000007fffcee0180
.text C:\Windows\system32\lsass.exe[640] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefecca6f2 5 bytes {JMP 0xfffffffffe215a90}
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000771e16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771e17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000771e19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771e1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000771e2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771e2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[804] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007738fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007738fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077390004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077390084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773900b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000773903b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077390550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077390694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007739088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000773908a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077390ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077391cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773ac4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773b1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074dd103d 5 bytes JMP 0000000110024f30

Teil 2
Code:
ATTFilter
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                            0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                      0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                            000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                      0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                          0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                       0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                         0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                             0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                              0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                 0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                   0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                               0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                  0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                          0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                       0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                           0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                          0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                        0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                         0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                           0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                          0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                         0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                         0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                            0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                            0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                   0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                            0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                               0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                 0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                 0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                        0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                          0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                  0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[868] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                     0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                 00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                   00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                      00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                           00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                   00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                      00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                              00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                               00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                            00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                 00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                            00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                    00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                                00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                   00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                             00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                        00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                       00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                             00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                         00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                            000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                     000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                       000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                      000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                    000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                    000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                     000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                   000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\svchost.exe[348] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                       000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                 00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                   00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                      00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                           00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                   00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                      00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                              00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                               00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                            00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                 00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                            00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                    00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                                00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                   00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                             00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                        00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                       00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                             00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                         00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                                      00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                                            0000000077090650 12 bytes JMP 000000016fff0148
__________________
Alt 13.10.2014, 14:41   #4
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Teil 3
Code:
ATTFilter
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                                            000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                                        000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                            000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                     000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                       000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                      000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                    000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                    000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                     000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                   000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\System32\svchost.exe[504] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                       000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                 00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                   00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                      00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                           00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                   00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                      00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                              00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                               00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                            00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                 00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                            00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                    00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                                00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                   00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                             00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                        00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                       00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                             00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                         00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                                      00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                                            0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                                            000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                                        000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                            000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                     000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                       000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                      000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                    000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                    000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                     000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                   000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                       000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                                      000007fefecca6f0 1 byte JMP 000007fffcee0180
.text     C:\Windows\System32\svchost.exe[580] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2                                                                                                                                  000007fefecca6f2 5 bytes {JMP 0xfffffffffe215a90}
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                 00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                   00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                      00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                           00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                   00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                      00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                              00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                               00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                            00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                 00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                            00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                    00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                                00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                   00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                             00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                        00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                       00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                             00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                         00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                            000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                  00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                     00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                          00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                  00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                               00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                     00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                             00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                              00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                           00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                           00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                   00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                               00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                  00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                            00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                       00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                      00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                            00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                        00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                                     00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                                           0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                                           000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                                       000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                           000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                                                                                      000007fefd603e80 5 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                    000007fefea022cc 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                      000007fefea024c0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                     000007fefea05bf0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                   000007fefea08398 9 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                   000007fefea089d8 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                    000007fefea09344 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                  000007fefea0b9f8 5 bytes JMP 000007fffcee0378
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                      000007fefea0c8e0 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                                     000007fefecca6f0 1 byte JMP 000007fffcee0180
.text     C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2                                                                                                                                 000007fefecca6f2 5 bytes {JMP 0xfffffffffe215a90}
.text     C:\Program Files\HitmanPro\hmpsched.exe[1240] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                   000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                   000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                        000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                             000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                   000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                           000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                            0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                         0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                              00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                         00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                 0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                             0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                          00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                              0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                     0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                    0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                          0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                      0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                              00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                          00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                         0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                         0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1300] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                   0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                  00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                     00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                          00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                  00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                               00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                     00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                             00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                              00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                           00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                           00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                   00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                               00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                  00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                            00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                       00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                      00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                            00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\WLANExt.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                        00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                  00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                     00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                          00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                  00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                               00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                     00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                             00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                              00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                           00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                           00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                   00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                               00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                  00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                            00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                       00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                      00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                            00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                        00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                           000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                    000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                      000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                     000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                   000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                   000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                    000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                  000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                      000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                  00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                     00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                          00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                  00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                               00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                     00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                             00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                              00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                           00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                           00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                   00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                               00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                  00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                            00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                       00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                      00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                            00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                        00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                           000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                                                                                      000007fefd603e80 5 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                    000007fefea022cc 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                      000007fefea024c0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                     000007fefea05bf0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                   000007fefea08398 9 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                   000007fefea089d8 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                    000007fefea09344 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                  000007fefea0b9f8 5 bytes JMP 000007fffcee0378
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                      000007fefea0c8e0 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                                     000007fefecca6f0 1 byte JMP 000007fffcee0180
.text     C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2                                                                                                                                 000007fefecca6f2 5 bytes {JMP 0xfffffffffe215a90}
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                            000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                 000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                         000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                      000000007738fdc8 5 bytes JMP 000000011002ec30

Alt 13.10.2014, 14:45   #5
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Teil 4
Code:
ATTFilter
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                            000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                    000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                     0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                                  0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                       00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                                  00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                          0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                      0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                         000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                   00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                       0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                              0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                             0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                   0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                               0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                         00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                       00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                   00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                  0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                  0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1716] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                            0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                        00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                          00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                             00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                  00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                          00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                       00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                             00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                     00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                      00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                   00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                        00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                   00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                           00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                       00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                          00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                    00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                        00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                               00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                             00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                   0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                   000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                               000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                   000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                   000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                        000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                             000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                   000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                           000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                            0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                         0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                              00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                         00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                 0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                             0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                          00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                              0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                     0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                    0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                          0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                      0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                              00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                          00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                         0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                         0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe[1828] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                         000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                              000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                      000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                   000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                         000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                 000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                  0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                               0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                    00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                               00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                       0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                   0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                      000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                    0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                           0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                          0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                            0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                      00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                    00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                               0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                               0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1864] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                         0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                       000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                            000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                    000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                 000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                       000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                               000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                             0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                  00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                             00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                     0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                 0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                    000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                              00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                  0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                         0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                        0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                              0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                          0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                    00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                  00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                              00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                             0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                             0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1904] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                       0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                 000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                      000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                              000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                           000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                 000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                         000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                          0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                       0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                            00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                       00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                               0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                           0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                              000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                        00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                            0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                   0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                  0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                        0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                    0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                              00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                            00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                        00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                       0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                       0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                       000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                     0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                  0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                           0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                    0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                        0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                         0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                           0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                            0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                              0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                          0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                           0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                             0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                           0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                     0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                           0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                  0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                      0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                     0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                   0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                    0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                      0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                     0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                    0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                    0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                       0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                       0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                              0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                       0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                          0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                            0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                            0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                   0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                     0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                             0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1960] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                 0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                     000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                             000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                          000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                        000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                         0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                      0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                           00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                      00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                              0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                          0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                             000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                       00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                           0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                  0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                 0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                       0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                   0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                             00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                           00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                       00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                      0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                      0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                              000000007738f9e0 5 bytes JMP 000000010056d080
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                   000000007738fcb0 5 bytes JMP 000000010057fac0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                           000000007738fd64 5 bytes JMP 000000010057dfa0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                        000000007738fdc8 5 bytes JMP 000000010057ec30
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                              000000007738fec0 5 bytes JMP 000000010057c270
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                      000000007738ffa4 5 bytes JMP 000000010057e640
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                       0000000077390004 5 bytes JMP 000000010057ff20
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                    0000000077390084 5 bytes JMP 000000010057fce0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                         00000000773900b4 5 bytes JMP 000000010057e2a0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                    00000000773903b8 5 bytes JMP 000000010057cc90
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077390550 5 bytes JMP 000000010057b520
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                        0000000077390694 5 bytes JMP 000000010057f750
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                           000000007739088c 5 bytes JMP 000000010057be90
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                     00000000773908a4 5 bytes JMP 000000010057c8f0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                         0000000077390df4 5 bytes JMP 000000010057f540
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                0000000077390ed8 5 bytes JMP 000000010057f0c0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                               0000000077391be4 5 bytes JMP 000000010057f300
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                     0000000077391cb4 5 bytes JMP 000000010057c520
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                 0000000077391d8c 5 bytes JMP 000000010057eec0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                           00000000773ac4dd 5 bytes JMP 0000000100577df0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                         00000000773b1287 1 byte JMP 000000010056d1a0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                     00000000773b1289 5 bytes {JMP 0xffffffff891bbf19}
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                    0000000074dd103d 5 bytes JMP 0000000100574f30
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                    0000000074dd1072 5 bytes JMP 0000000100575ac0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                              0000000074dfc9b5 5 bytes JMP 0000000100573a60
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                    000000007574f784 5 bytes JMP 000000010056d1d0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                           00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                  000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                       000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                               000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                            000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                  000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                          000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                           0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                        0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                             00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                        00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                            0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                               000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                         00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                             0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                    0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                   0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                         0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                     0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                               00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                             00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                         00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                        0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                        0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[1596] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Windows\system32\svchost.exe[2476] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                           000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                               00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                    00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                         00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                              00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                    00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                            00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                             00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                          00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                               00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                          00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                  00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                              00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                           00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                               00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                      00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                     00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                           00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                       00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                          000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                   000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                     000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                    000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                  000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                  000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                   000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                 000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                     000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                                    000007fefecca6f0 1 byte JMP 000007fffcee0180
.text     C:\Windows\system32\taskhost.exe[3044] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2                                                                                                                                000007fefecca6f2 5 bytes {JMP 0xfffffffffe215a90}
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                        000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                          000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                         000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                       000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                       000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                        000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                      000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\Dwm.exe[3052] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                          000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                        00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                          00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                             00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                  00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                          00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                       00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                             00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                     00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                      00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                   00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                        00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                                   00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                           00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                                       00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                          00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                    00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                        00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                               00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                              00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                    00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                                             00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                                                   0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                                                   000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                                               000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                                   000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                            000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                              000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                             000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                           000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                           000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                            000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                          000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                              000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!RegisterRawInputDevices                                                                                                                                            0000000076f76ef0 8 bytes JMP 000000016fff06f8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SystemParametersInfoA                                                                                                                                              0000000076f78184 7 bytes JMP 000000016fff0880
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SetParent                                                                                                                                                          0000000076f78530 8 bytes JMP 000000016fff0730
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!PostMessageA                                                                                                                                                       0000000076f7a404 5 bytes JMP 000000016fff0308
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!EnableWindow                                                                                                                                                       0000000076f7aaa0 9 bytes JMP 000000016fff08f0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!MoveWindow                                                                                                                                                         0000000076f7aad0 8 bytes JMP 000000016fff0768
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!GetAsyncKeyState                                                                                                                                                   0000000076f7c720 5 bytes JMP 000000016fff06c0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!RegisterHotKey                                                                                                                                                     0000000076f7cd50 8 bytes JMP 000000016fff0848
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!PostThreadMessageA                                                                                                                                                 0000000076f7d2b0 5 bytes JMP 000000016fff0378
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendMessageA                                                                                                                                                       0000000076f7d338 5 bytes JMP 000000016fff03e8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendNotifyMessageW                                                                                                                                                 0000000076f7dc40 9 bytes JMP 000000016fff0570
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SystemParametersInfoW                                                                                                                                              0000000076f7f510 7 bytes JMP 000000016fff08b8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                                                                                                  0000000076f7f874 9 bytes JMP 000000016fff0298
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendMessageTimeoutW                                                                                                                                                0000000076f7fac0 9 bytes JMP 000000016fff0490
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!PostThreadMessageW                                                                                                                                                 0000000076f80b74 10 bytes JMP 000000016fff03b0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                                                                                                    0000000076f84d4c 5 bytes JMP 000000016fff02d0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!GetKeyState                                                                                                                                                        0000000076f85010 5 bytes JMP 000000016fff0688
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendMessageCallbackW                                                                                                                                               0000000076f85438 7 bytes JMP 000000016fff0500
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendMessageW                                                                                                                                                       0000000076f86b50 5 bytes JMP 000000016fff0420
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!PostMessageW                                                                                                                                                       0000000076f876e4 7 bytes JMP 000000016fff0340
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendDlgItemMessageW                                                                                                                                                0000000076f8dd90 5 bytes JMP 000000016fff05e0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!GetClipboardData                                                                                                                                                   0000000076f8e874 5 bytes JMP 000000016fff0810
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SetClipboardViewer                                                                                                                                                 0000000076f8f780 8 bytes JMP 000000016fff07a0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendNotifyMessageA                                                                                                                                                 0000000076f928e4 12 bytes JMP 000000016fff0538
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!mouse_event                                                                                                                                                        0000000076f93894 7 bytes JMP 000000016fff0228
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!GetKeyboardState                                                                                                                                                   0000000076f98a10 8 bytes JMP 000000016fff0650
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendMessageTimeoutA                                                                                                                                                0000000076f98be0 12 bytes JMP 000000016fff0458
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                                                                                                  0000000076f98c20 12 bytes JMP 000000016fff0260
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendInput                                                                                                                                                          0000000076f98cd0 8 bytes JMP 000000016fff0618
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!BlockInput                                                                                                                                                         0000000076f9ad60 8 bytes JMP 000000016fff07d8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!ExitWindowsEx                                                                                                                                                      0000000076fc14e0 5 bytes JMP 000000016fff0928
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!keybd_event                                                                                                                                                        0000000076fe45a4 7 bytes JMP 000000016fff01f0
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendDlgItemMessageA                                                                                                                                                0000000076fecc08 5 bytes JMP 000000016fff05a8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\USER32.dll!SendMessageCallbackA                                                                                                                                               0000000076fedf18 7 bytes JMP 000000016fff04c8
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                               00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                    00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                         00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                              00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                    00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                            00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                             00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                          00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                               00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                          00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                  00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                              00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                           00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                               00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                      00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                     00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                           00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\System32\igfxtray.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                       00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\System32\hkcmd.exe[2300]


Alt 13.10.2014, 14:47   #6
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Teil 5
Code:
ATTFilter
C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                  00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                    00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                       00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                            00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                    00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                 00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                       00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                               00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                             00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                  00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                             00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                     00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                                 00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                    00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                              00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                  00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                         00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                        00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                              00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                          00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                      000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                        000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                       000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                     000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                     000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                      000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                    000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\System32\hkcmd.exe[2300] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                        000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                               00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                    00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                         00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                              00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                    00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                            00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                             00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                          00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                               00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                          00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                  00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                              00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                           00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                               00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                      00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                     00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                           00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                       00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                          000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                   000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                     000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                    000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                  000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                  000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                   000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                 000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\System32\igfxpers.exe[2304] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                     000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                  00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                    00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                       00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                            00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                    00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                 00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                       00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                               00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                             00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736]    
C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                  00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                             00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                     00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                 00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                    00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                              00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                  00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                         00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                        00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                              00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                          00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                       00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                             0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                             000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                         000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                             000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                               00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                    00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                         00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                              00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                    00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                            00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                             00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                          00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840]
Teil 6
Code:
ATTFilter
C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                               00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                          00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                  00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                              00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                           00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                      00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                     00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                           00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                       00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                    00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                          0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                          000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2840] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                      000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                             00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                               00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                  00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                       00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                               00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                            00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                  00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                          00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                           00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                        00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                             00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                        00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                            00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                               00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                         00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                             00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                    00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                   00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                         00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                     00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                  00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                        0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                        000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                    000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                        000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                 000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                   000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                  000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                 000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                               000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[236] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                   000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                 000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                      000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                              000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                           000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                 000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                         000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                          0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                       0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                            00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                       00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                           0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                              000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                        00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                            0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                   0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                  0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                        0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                    0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                              00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                            00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                        00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                       0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                       0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                 0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                       000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!PostThreadMessageW                                                                                     0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW                                                                                  0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendMessageW                                                                                           0000000076e89679 5 bytes JMP 000000011001b100
Teil 7
Code:
ATTFilter
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutW                                                                                    0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SetWinEventHook                                                                                        0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!RegisterHotKey                                                                                         0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!PostMessageW                                                                                           0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!GetKeyState                                                                                            0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SetParent                                                                                              0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SetParent + 2                                                                                          0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!EnableWindow                                                                                           0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!MoveWindow                                                                                             0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!PostMessageA                                                                                           0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!PostThreadMessageA                                                                                     0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendMessageA                                                                                           0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SystemParametersInfoA                                                                                  0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW                                                                                      0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendNotifyMessageW                                                                                     0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendMessageCallbackW                                                                                   0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutA                                                                                    0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA                                                                                      0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SetClipboardViewer                                                                                     0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageA                                                                                    0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageW                                                                                    0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!GetAsyncKeyState                                                                                       0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!GetKeyboardState                                                                                       0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendInput                                                                                              0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!GetClipboardData                                                                                       0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!ExitWindowsEx                                                                                          0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!mouse_event                                                                                            0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!keybd_event                                                                                            0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendMessageCallbackA                                                                                   0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!SendNotifyMessageA                                                                                     0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!BlockInput                                                                                             0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices                                                                                0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                  0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                               0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                              000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                 000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                               000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                  00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                 0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                           00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                             00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                     00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                             00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                          00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                        00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                         00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                      00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                           00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                      00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                              00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                          00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                             00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                       00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                           00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                  00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                 00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                       00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                   00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                      0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                      000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                  000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                      000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                               000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                 000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                              000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                              000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                               000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                             000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1752] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                 000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                       000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                            000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                    000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                 000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                       000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                               000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                             0000000077390084 5 bytes JMP 000000011002fce0

Alt 13.10.2014, 14:48   #7
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Teil 8
Code:
ATTFilter
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                  00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                             00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                     0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                 0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                    000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                              00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                  0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                         0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                        0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                              0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                          0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                    00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                  00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                              00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                             0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                             0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                       0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                             000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                           0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                        0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                 0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                          0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                              0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                               0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                 0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                  0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                    0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                                0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                 0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                   0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                 0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                           0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                 0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                        0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                            0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                           0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                         0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                          0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                            0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                           0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                          0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                          0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                             0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                             0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                    0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                             0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                                0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                  0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                  0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                         0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                           0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                   0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                      0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                      00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                        0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                     0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                    000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                       000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                      000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                     000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                        00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                       0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                     0000000075371465 2 bytes [37, 75]
.text     C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe[2948] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                    00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                               00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                 00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                    00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                         00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                 00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                              00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                    00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                            00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                             00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                          00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                               00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                          00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                  00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                              00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                 00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                           00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                               00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                      00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                     00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                           00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                       00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                                                    00000000770798e0 12 bytes JMP 000000016fff01b8
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                                          0000000077090650 12 bytes JMP 000000016fff0148
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                                          000000007710acf0 1 byte JMP 000000016fff0180
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\kernel32.dll!CreateProcessA + 2                                                                                                                                      000000007710acf2 5 bytes {JMP 0xfffffffff8ee5490}
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                          000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                   000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                     000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                    000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                  000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                  000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                   000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                 000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\RunDll32.exe[3096] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                     000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                          00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                            00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                               00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                    00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                            00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                         00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                               00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                       00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                        00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                     00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                          00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                     00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                             00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                         00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                            00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                      00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                          00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                 00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                      00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                  00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\SearchIndexer.exe[3284] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                     000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                           000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                    000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                      000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                     000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                   000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                   000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                    000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                  000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                      000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                            000000007738f9e0 5 bytes JMP 000000010038d080
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                 000000007738fcb0 3 bytes JMP 000000010039fac0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                                                                                             000000007738fcb4 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                         000000007738fd64 3 bytes JMP 000000010039dfa0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                                                                     000000007738fd68 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                      000000007738fdc8 3 bytes JMP 000000010039ec30
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                                                                                  000000007738fdcc 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                            000000007738fec0 3 bytes JMP 000000010039c270
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                                                                                        000000007738fec4 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                    000000007738ffa4 3 bytes JMP 000000010039e640
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                                                                                000000007738ffa8 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                     0000000077390004 3 bytes JMP 000000010039ff20
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                                                                                 0000000077390008 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                                  0000000077390084 3 bytes JMP 000000010039fce0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                                                                              0000000077390088 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                       00000000773900b4 3 bytes JMP 000000010039e2a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                                                                   00000000773900b8 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                                  00000000773903b8 3 bytes JMP 000000010039cc90
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                                                                              00000000773903bc 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                          0000000077390550 3 bytes JMP 000000010039b520
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                                                                                      0000000077390554 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                      0000000077390694 3 bytes JMP 000000010039f750
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                                                                                  0000000077390698 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                         000000007739088c 3 bytes JMP 000000010039be90
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                                                                     0000000077390890 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                   00000000773908a4 3 bytes JMP 000000010039c8f0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                                                                               00000000773908a8 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                       0000000077390df4 3 bytes JMP 000000010039f540
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                                                                                   0000000077390df8 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                              0000000077390ed8 3 bytes JMP 000000010039f0c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                                                                                          0000000077390edc 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                             0000000077391be4 3 bytes JMP 000000010039f300
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                                                                                         0000000077391be8 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                   0000000077391cb4 3 bytes JMP 000000010039c520
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                                                                               0000000077391cb8 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                               0000000077391d8c 3 bytes JMP 000000010039eec0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                                                                                           0000000077391d90 1 byte [89]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                         00000000773ac4dd 5 bytes JMP 0000000100397df0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                       00000000773b1287 1 byte JMP 000000010038d1a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                   00000000773b1289 5 bytes {JMP 0xffffffff88fdbf19}
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                  0000000074dd103d 5 bytes JMP 0000000100394f30
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                  0000000074dd1072 5 bytes JMP 0000000100395ac0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                            0000000074dfc9b5 5 bytes JMP 0000000100393a60
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                  000000007574f784 5 bytes JMP 000000010038d1d0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                                0000000076e88bff 5 bytes JMP 000000010038b640
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                             0000000076e890d3 7 bytes JMP 000000010038c3d0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                      0000000076e89679 5 bytes JMP 000000010038b100
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                               0000000076e897d2 5 bytes JMP 000000010038ab80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                   0000000076e8ee09 5 bytes JMP 000000010038c0c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                                    0000000076e8efc9 5 bytes JMP 00000001003880a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                      0000000076e912a5 5 bytes JMP 000000010038bb80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                       0000000076e9291f 5 bytes JMP 0000000100389330
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                         0000000076e92d64 1 byte JMP 00000001003888e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                                     0000000076e92d66 3 bytes {JMP 0xffffffff894f5b7c}
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                      0000000076e92da4 5 bytes JMP 0000000100387e00
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                        0000000076e93698 5 bytes JMP 0000000100388b80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                      0000000076e93baa 5 bytes JMP 000000010038be20
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                                0000000076e93c61 5 bytes JMP 000000010038b8e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                      0000000076e9612e 5 bytes JMP 000000010038b3a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                             0000000076e96c30 7 bytes JMP 000000010038c5f0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                 0000000076e97603 5 bytes JMP 000000010038c810
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                                0000000076e97668 5 bytes JMP 000000010038a0c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                              0000000076e976e0 5 bytes JMP 000000010038a600
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                               0000000076e9781f 5 bytes JMP 000000010038ae40
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                 0000000076e9835c 5 bytes JMP 000000010038ca80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                                0000000076e9c4b6 5 bytes JMP 00000001003886e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                               0000000076eac112 5 bytes JMP 0000000100389e10
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                               0000000076ead0f5 5 bytes JMP 0000000100389b60
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                                  0000000076eaeb96 5 bytes JMP 0000000100389080
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                                  0000000076eaec68 5 bytes JMP 00000001003895e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                         0000000076eaff4a 5 bytes JMP 0000000100389890
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                                  0000000076ec9f1d 5 bytes JMP 00000001003882d0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                                     0000000076ed1497 5 bytes JMP 0000000100387bf0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                       0000000076ee027b 5 bytes JMP 0000000100399670
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                       0000000076ee02bf 5 bytes JMP 0000000100399880
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                              0000000076ee6cfc 5 bytes JMP 000000010038a8c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                                0000000076ee6d5d 5 bytes JMP 000000010038a360
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                        0000000076ee7dd7 5 bytes JMP 00000001003884e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                           0000000076ee88eb 5 bytes JMP 0000000100388e60
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                           00000000750958b3 5 bytes JMP 0000000100398bc0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                             0000000075095ea6 5 bytes JMP 00000001003993e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                          0000000075097bcc 5 bytes JMP 0000000100399cc0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                         000000007509b895 5 bytes JMP 0000000100398c00
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                            000000007509c332 5 bytes JMP 0000000100399130
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                           000000007509cbfb 5 bytes JMP 0000000100398990
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                          000000007509e743 5 bytes JMP 0000000100399bc0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                             00000000750c4857 5 bytes JMP 0000000100398ea0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                            0000000075572642 5 bytes JMP 0000000100394390
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                          0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                         00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                       000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                            000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                    000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                 000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                       000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                               000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                             0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                  00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                             00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                     0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                 0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                    000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                              00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                  0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                         0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                        0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                              0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                          0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                    00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                  00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                              00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW                                                                                             0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA                                                                                             0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW                                                                                       0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                             000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                       0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                      00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                        0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                     0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                    000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                       000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                      000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                     000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                        00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                           0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                        0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                 0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                          0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                              0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                               0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                 0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                  0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                    0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                 0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                   0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                 0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                           0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                 0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                        0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                            0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                           0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                         0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                          0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                            0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                           0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                          0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                          0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                             0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                             0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                    0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                             0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                  0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                  0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                         0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                           0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                   0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3984] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                      0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                               000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                    000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                            000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                         000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                               000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                       000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                        0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                     0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                          00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                     00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                             0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                         0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                            000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                      00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                          0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                 0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                      0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                  0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                            00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                          00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                      00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                     0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                     0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                               0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                     000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                   0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                         0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                  0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                      0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                       0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                         0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                          0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                            0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                        0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                         0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                           0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                         0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                   0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                         0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                    0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                   0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                 0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                  0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                    0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                   0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                  0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                  0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                     0000000076eaeb96 5 bytes JMP 0000000110019080

Alt 13.10.2014, 14:49   #8
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Teil 9
Code:
ATTFilter
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                     0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                            0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                     0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                        0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                          0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                          0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                 0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                   0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                           0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                              0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                              00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                             0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                            000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                               000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                              000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                             000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3992] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                               0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                 000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                      000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                              000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                           000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                 000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                         000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                          0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                       0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                            00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                       00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                               0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                           0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                              000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                        00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                            0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                   0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                  0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                        0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                    0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                              00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                            00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                        00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                       0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                       0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                       000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                  0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                               0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                              000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                 000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                               000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                  00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                     0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                  0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                           0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                    0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                        0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                         0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                           0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                            0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                              0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                          0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                           0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                             0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                           0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                     0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                           0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                  0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                      0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                     0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                   0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                    0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                      0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                     0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                    0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                    0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                       0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                       0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                              0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                       0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                          0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                            0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                            0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                   0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                     0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                             0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4000] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                 0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                              000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                                   000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                                           000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                        000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                              000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                      000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                       0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                                                    0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                         00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                                                    00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                            0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                                        0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                           000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                     00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                         0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                                                0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                               0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                                     0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                                 0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                           00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                         00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                                     00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                                    0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                    0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                                              0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                    000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                                                  0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                                               0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                                        0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                                                 0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                                     0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                                                      0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                        0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                                         0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                                           0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                                                       0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                                        0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                                          0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                                        0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                                                  0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                                        0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                                               0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                                   0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                                                  0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                                                0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                                                 0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                                   0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                                                  0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                                                 0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                                                 0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                                                    0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                                                    0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                                           0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                                                    0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                                                       0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                                         0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                                         0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                                                0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                                                  0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                                          0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                                             0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                                             00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                                               0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                                            0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                                           000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                                              000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                                             000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                                            000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                                               00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4008] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                              0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                    000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                         000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                 000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                              000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                    000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                            000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                             0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                          0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                               00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                          00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                  0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                              0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                 000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                           00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                               0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                      0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                     0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                           0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                       0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                 00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                               00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                           00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                          0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                          0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                    0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                          000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                    0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                   00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                     0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                  0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                 000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                    000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                   000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                  000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                     00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                        0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                     0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                              0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                       0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                           0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                            0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                              0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                               0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                 0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                             0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                              0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                0000000076e93698 5 bytes JMP 0000000110018b80

Alt 13.10.2014, 14:50   #9
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Teil 10
Code:
ATTFilter
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                              0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                        0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                              0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                     0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                         0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                        0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                      0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                       0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                         0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                        0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                       0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                       0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                          0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                          0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                 0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                          0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                             0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                               0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                               0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                      0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                        0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4064] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                   0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                      000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                           000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                   000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                      000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                              000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                               0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                            0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                 00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                            00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                    0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                   000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                             00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                 0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                        0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                       0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                             0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                         0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                   00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                 00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                             00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                            0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                            0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                      0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                            000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                          0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                       0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                         0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                             0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                              0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                 0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                   0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                               0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                  0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                          0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                       0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                           0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                          0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                        0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                         0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                           0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                          0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                         0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                         0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                            0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                            0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                   0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                            0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                               0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                 0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                 0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                        0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                          0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                  0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                     0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                     00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                       0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                    0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                   000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                      000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                     000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                    000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                       00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3084] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                      0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                         000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                              000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                      000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                   000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                         000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                 000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                  0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                               0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                    00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                               00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                       0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                   0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                      000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                    0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                           0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                          0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                            0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                      00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                    00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                               0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                               0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                         0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                               000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                             0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                          0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                   0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                            0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                                 0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                   0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                    0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                      0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                                  0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                   0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                     0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                   0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                             0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                   0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                          0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                              0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                             0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                           0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                            0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                              0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                             0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                            0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                            0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                               0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                               0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                      0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                               0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                                  0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                    0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                    0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                           0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                             0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                     0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                        0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                        00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                          0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                       0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                      000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                         000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                        000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                       000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                          00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                         0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                       0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                      00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                     000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                              000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                               000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                             000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                             000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                              000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                            000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\wbem\wmiprvse.exe[2680] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                          000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                               000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                       000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                    000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                          000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                  000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                   0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                                0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                     00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                                00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                        0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                    0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                       000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                 00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                     0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                            0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                           0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                 0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                             0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                       00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                     00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                 00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                          0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                          0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                         00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                           0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                        0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                       000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                          000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                         000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                        000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                           00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                              0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                           0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                    0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                             0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                 0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                                  0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                    0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                     0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                       0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                                   0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                    0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                      0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                    0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                              0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                    0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                           0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                               0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                              0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                            0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                             0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                               0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                              0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                             0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                             0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                                0000000076eaeb96 5 bytes JMP 0000000110019080

Alt 13.10.2014, 14:55   #10
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Teil 11:
Code:
ATTFilter
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                                0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                       0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                                0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                                   0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                     0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                     0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                            0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                              0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                      0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                         0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                        0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                       00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                    000000007738f9e0 5 bytes JMP 000000010045d080
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                         000000007738fcb0 5 bytes JMP 000000010046fac0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                                 000000007738fd64 5 bytes JMP 000000010046dfa0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                              000000007738fdc8 5 bytes JMP 000000010046ec30
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                    000000007738fec0 5 bytes JMP 000000010046c270
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                            000000007738ffa4 5 bytes JMP 000000010046e640
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                             0000000077390004 5 bytes JMP 000000010046ff20
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                                          0000000077390084 5 bytes JMP 000000010046fce0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                               00000000773900b4 5 bytes JMP 000000010046e2a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                                          00000000773903b8 5 bytes JMP 000000010046cc90
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                  0000000077390550 5 bytes JMP 000000010046b520
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                              0000000077390694 5 bytes JMP 000000010046f750
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                 000000007739088c 5 bytes JMP 000000010046be90
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                           00000000773908a4 5 bytes JMP 000000010046c8f0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                               0000000077390df4 5 bytes JMP 000000010046f540
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                                      0000000077390ed8 5 bytes JMP 000000010046f0c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                     0000000077391be4 5 bytes JMP 000000010046f300
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                           0000000077391cb4 5 bytes JMP 000000010046c520
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                       0000000077391d8c 5 bytes JMP 000000010046eec0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                 00000000773ac4dd 5 bytes JMP 0000000100467df0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                               00000000773b1287 1 byte JMP 000000010045d1a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                           00000000773b1289 5 bytes {JMP 0xffffffff890abf19}
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                          0000000074dd103d 5 bytes JMP 0000000100464f30
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                          0000000074dd1072 5 bytes JMP 0000000100465ac0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                                    0000000074dfc9b5 5 bytes JMP 0000000100463a60
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                          000000007574f784 5 bytes JMP 000000010045d1d0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                                        0000000076e88bff 5 bytes JMP 000000010045b640
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                                     0000000076e890d3 7 bytes JMP 000000010045c3d0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                              0000000076e89679 5 bytes JMP 000000010045b100
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                                       0000000076e897d2 5 bytes JMP 000000010045ab80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                           0000000076e8ee09 5 bytes JMP 000000010045c0c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                                            0000000076e8efc9 5 bytes JMP 00000001004580a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                              0000000076e912a5 5 bytes JMP 000000010045bb80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                               0000000076e9291f 5 bytes JMP 0000000100459330
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                                 0000000076e92d64 1 byte JMP 00000001004588e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                                             0000000076e92d66 3 bytes {JMP 0xffffffff895c5b7c}
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                              0000000076e92da4 5 bytes JMP 0000000100457e00
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                                0000000076e93698 5 bytes JMP 0000000100458b80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                              0000000076e93baa 5 bytes JMP 000000010045be20
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                                        0000000076e93c61 5 bytes JMP 000000010045b8e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                              0000000076e9612e 5 bytes JMP 000000010045b3a0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                                     0000000076e96c30 7 bytes JMP 000000010045c5f0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                         0000000076e97603 5 bytes JMP 000000010045c810
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                                        0000000076e97668 5 bytes JMP 000000010045a0c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                                      0000000076e976e0 5 bytes JMP 000000010045a600
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                                       0000000076e9781f 5 bytes JMP 000000010045ae40
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                         0000000076e9835c 5 bytes JMP 000000010045ca80
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                                        0000000076e9c4b6 5 bytes JMP 00000001004586e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                                       0000000076eac112 5 bytes JMP 0000000100459e10
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                                       0000000076ead0f5 5 bytes JMP 0000000100459b60
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                                          0000000076eaeb96 5 bytes JMP 0000000100459080
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                                          0000000076eaec68 5 bytes JMP 00000001004595e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                                 0000000076eaff4a 5 bytes JMP 0000000100459890
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                                          0000000076ec9f1d 5 bytes JMP 00000001004582d0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                                             0000000076ed1497 5 bytes JMP 0000000100457bf0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                               0000000076ee027b 5 bytes JMP 0000000100469670
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                               0000000076ee02bf 5 bytes JMP 0000000100469880
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                                      0000000076ee6cfc 5 bytes JMP 000000010045a8c0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                                        0000000076ee6d5d 5 bytes JMP 000000010045a360
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                                0000000076ee7dd7 5 bytes JMP 00000001004584e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                                   0000000076ee88eb 5 bytes JMP 0000000100458e60
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                                   00000000750958b3 5 bytes JMP 0000000100468bc0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                                     0000000075095ea6 5 bytes JMP 00000001004693e0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                                  0000000075097bcc 5 bytes JMP 0000000100469cc0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                                 000000007509b895 5 bytes JMP 0000000100468c00
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                                    000000007509c332 5 bytes JMP 0000000100469130
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                                   000000007509cbfb 5 bytes JMP 0000000100468990
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                                  000000007509e743 5 bytes JMP 0000000100469bc0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                                     00000000750c4857 5 bytes JMP 0000000100468ea0
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                    0000000075572642 5 bytes JMP 0000000100464390
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                  0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                 00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                 000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                      000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                              000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                           000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                 000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                         000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                          0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                       0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                            00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                       00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                           0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                              000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                        00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                            0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                   0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                  0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                        0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                    0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                              00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                            00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                        00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW                                                                                       0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA                                                                                       0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW                                                                                 0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                       000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                 0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                  0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                               0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                              000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                 000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                               000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                  00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                     0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                  0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                           0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                    0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                        0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                         0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                           0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                            0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SetParent                                                                                              0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                          0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                           0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                             0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                           0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                     0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                           0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                  0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                      0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                     0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                   0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                    0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                      0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                     0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                    0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                    0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                       0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                       0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendInput                                                                                              0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                       0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                          0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                            0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                            0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                   0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                     0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                             0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4844] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                      000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                           000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                   000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                      000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                              000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                               0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                            0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                 00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                            00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                    0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                   000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                             00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                 0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                        0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                       0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                             0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                         0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                   00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                 00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                             00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                            0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                            0000000074dd1072 5 bytes JMP 0000000110025ac0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                      0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                            000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                      0000000075572642 5 bytes JMP 0000000110024390
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                     00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                       0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                    0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                   000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                      000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                     000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                    000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                       00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                          0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                       0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                         0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                             0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                              0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                 0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                   0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                               0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                  0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                          0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                       0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                           0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                          0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                        0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                         0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                           0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                          0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                         0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                         0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                            0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                            0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                   0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                            0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                               0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                 0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                 0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                        0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                          0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                  0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1768] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                     0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                      000000007738f9e0 5 bytes JMP 000000010026d080
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                           000000007738fcb0 5 bytes JMP 000000010027fac0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                   000000007738fd64 5 bytes JMP 000000010027dfa0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                000000007738fdc8 5 bytes JMP 000000010027ec30
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                      000000007738fec0 5 bytes JMP 000000010027c270
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                              000000007738ffa4 5 bytes JMP 000000010027e640
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                               0000000077390004 5 bytes JMP 000000010027ff20
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                            0000000077390084 5 bytes JMP 000000010027fce0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                 00000000773900b4 5 bytes JMP 000000010027e2a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                            00000000773903b8 5 bytes JMP 000000010027cc90
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                    0000000077390550 5 bytes JMP 000000010027b520
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                0000000077390694 5 bytes JMP 000000010027f750
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                   000000007739088c 5 bytes JMP 000000010027be90
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                             00000000773908a4 5 bytes JMP 000000010027c8f0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                 0000000077390df4 5 bytes JMP 000000010027f540
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                        0000000077390ed8 5 bytes JMP 000000010027f0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                       0000000077391be4 5 bytes JMP 000000010027f300
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                             0000000077391cb4 5 bytes JMP 000000010027c520
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                         0000000077391d8c 5 bytes JMP 000000010027eec0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                   00000000773ac4dd 5 bytes JMP 0000000100277df0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                 00000000773b1287 1 byte JMP 000000010026d1a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                             00000000773b1289 5 bytes {ADC AL, 0xbf; JMP 0xffffffffffffff8c}
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                            0000000074dd103d 5 bytes JMP 0000000100274f30
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                            0000000074dd1072 5 bytes JMP 0000000100275ac0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                      0000000074dfc9b5 5 bytes JMP 0000000100273a60
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                            000000007574f784 5 bytes JMP 000000010026d1d0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                      0000000075572642 5 bytes JMP 0000000100274390
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                          0000000076e88bff 5 bytes JMP 000000010026b640
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                       0000000076e890d3 7 bytes JMP 000000010026c3d0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                0000000076e89679 5 bytes JMP 000000010026b100
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                         0000000076e897d2 5 bytes JMP 000000010026ab80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                             0000000076e8ee09 5 bytes JMP 000000010026c0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                              0000000076e8efc9 5 bytes JMP 00000001002680a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                0000000076e912a5 5 bytes JMP 000000010026bb80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                 0000000076e9291f 5 bytes JMP 0000000100269330
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                   0000000076e92d64 1 byte JMP 00000001002688e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                               0000000076e92d66 3 bytes {JMP 0xffffffff893d5b7c}
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                0000000076e92da4 5 bytes JMP 0000000100267e00
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                  0000000076e93698 5 bytes JMP 0000000100268b80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                0000000076e93baa 5 bytes JMP 000000010026be20
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                          0000000076e93c61 5 bytes JMP 000000010026b8e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                0000000076e9612e 5 bytes JMP 000000010026b3a0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                       0000000076e96c30 7 bytes JMP 000000010026c5f0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                           0000000076e97603 5 bytes JMP 000000010026c810
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                          0000000076e97668 5 bytes JMP 000000010026a0c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                        0000000076e976e0 5 bytes JMP 000000010026a600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                         0000000076e9781f 5 bytes JMP 000000010026ae40
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                           0000000076e9835c 5 bytes JMP 000000010026ca80
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                          0000000076e9c4b6 5 bytes JMP 00000001002686e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                         0000000076eac112 5 bytes JMP 0000000100269e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                         0000000076ead0f5 5 bytes JMP 0000000100269b60
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                            0000000076eaeb96 5 bytes JMP 0000000100269080
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                            0000000076eaec68 5 bytes JMP 00000001002695e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                   0000000076eaff4a 5 bytes JMP 0000000100269890
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                            0000000076ec9f1d 5 bytes JMP 00000001002682d0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                               0000000076ed1497 5 bytes JMP 0000000100267bf0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                 0000000076ee027b 5 bytes JMP 0000000100279670
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                 0000000076ee02bf 5 bytes JMP 0000000100279880
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                        0000000076ee6cfc 5 bytes JMP 000000010026a8c0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                          0000000076ee6d5d 5 bytes JMP 000000010026a360
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                  0000000076ee7dd7 5 bytes JMP 00000001002684e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                     0000000076ee88eb 5 bytes JMP 0000000100268e60
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                     00000000750958b3 5 bytes JMP 0000000100278bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                       0000000075095ea6 5 bytes JMP 00000001002793e0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                    0000000075097bcc 5 bytes JMP 0000000100279cc0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                   000000007509b895 5 bytes JMP 0000000100278c00
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                      000000007509c332 5 bytes JMP 0000000100279130
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                     000000007509cbfb 5 bytes JMP 0000000100278990
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                    000000007509e743 5 bytes JMP 0000000100279bc0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                       00000000750c4857 5 bytes JMP 0000000100278ea0
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                00000000771b3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                  00000000771b7ac0 5 bytes JMP 000000016fff0d50
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                     00000000771e13a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                          00000000771e1570 8 bytes JMP 000000016fff0a78
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                                                                  00000000771e15e0 8 bytes JMP 000000016fff0c00
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                               00000000771e1620 8 bytes JMP 000000016fff0b90
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                                     00000000771e16c0 8 bytes JMP 000000016fff0c38
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                             00000000771e1750 8 bytes JMP 000000016fff0b58
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                              00000000771e1790 8 bytes JMP 000000016fff0998
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                           00000000771e17e0 8 bytes JMP 000000016fff09d0
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                00000000771e1800 8 bytes JMP 000000016fff0bc8
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                                                                           00000000771e19f0 8 bytes JMP 000000016fff0d18
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                   00000000771e1b00 8 bytes JMP 000000016fff0960
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                                                                               00000000771e1bd0 8 bytes JMP 000000016fff0ab0
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                                  00000000771e1d20 8 bytes JMP 000000016fff0c70
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                            00000000771e1d30 8 bytes JMP 000000016fff0ce0
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                00000000771e20a0 8 bytes JMP 000000016fff0ae8
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                                                                       00000000771e2130 8 bytes JMP 000000016fff0ca8
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                      00000000771e29a0 8 bytes JMP 000000016fff0b20
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                            00000000771e2a20 8 bytes JMP 000000016fff0a08
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                        00000000771e2aa0 8 bytes JMP 000000016fff0a40
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                                           000007fefd2353c0 7 bytes JMP 000007fffcee0148
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                                                                    000007fefea022cc 5 bytes JMP 000007fffcee0260
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                                                                      000007fefea024c0 5 bytes JMP 000007fffcee0298
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                                                                     000007fefea05bf0 5 bytes JMP 000007fffcee02d0
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                                                                   000007fefea08398 9 bytes JMP 000007fffcee01f0
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                                                                   000007fefea089d8 9 bytes JMP 000007fffcee01b8
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                                                                    000007fefea09344 5 bytes JMP 000007fffcee0228
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                                                                  000007fefea0b9f8 5 bytes JMP 000007fffcee0340
.text     C:\Windows\system32\wuauclt.exe[5784] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                                                                      000007fefea0c8e0 5 bytes JMP 000007fffcee0308
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                        000000007738f9e0 5 bytes JMP 000000011001d080
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                             000000007738fcb0 5 bytes JMP 000000011002fac0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                                     000000007738fd64 5 bytes JMP 000000011002dfa0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                  000000007738fdc8 5 bytes JMP 000000011002ec30
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                                                                        000000007738fec0 5 bytes JMP 000000011002c270
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                000000007738ffa4 5 bytes JMP 000000011002e640
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                 0000000077390004 5 bytes JMP 000000011002ff20
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                                              0000000077390084 5 bytes JMP 000000011002fce0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                   00000000773900b4 5 bytes JMP 000000011002e2a0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                                                              00000000773903b8 5 bytes JMP 000000011002cc90
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                      0000000077390550 5 bytes JMP 000000011002b520
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                                                                  0000000077390694 5 bytes JMP 000000011002f750
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                     000000007739088c 5 bytes JMP 000000011002be90
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                               00000000773908a4 5 bytes JMP 000000011002c8f0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                   0000000077390df4 5 bytes JMP 000000011002f540
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                                                                          0000000077390ed8 5 bytes JMP 000000011002f0c0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                         0000000077391be4 5 bytes JMP 000000011002f300
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                                                               0000000077391cb4 5 bytes JMP 000000011002c520
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                           0000000077391d8c 5 bytes JMP 000000011002eec0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                     00000000773ac4dd 5 bytes JMP 0000000110027df0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                   00000000773b1287 1 byte JMP 000000011001d1a0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2                                                                                                                               00000000773b1289 5 bytes {JMP 0xffffffff98c6bf19}
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                              0000000074dd103d 5 bytes JMP 0000000110024f30
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                              0000000074dd1072 5 bytes JMP 0000000110025ac0
Teil 12
Code:
ATTFilter
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                                        0000000074dfc9b5 5 bytes JMP 0000000110023a60
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                                                              000000007574f784 5 bytes JMP 000000011001d1d0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                                                            0000000076e88bff 5 bytes JMP 000000011001b640
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                                                                         0000000076e890d3 7 bytes JMP 000000011001c3d0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                                                                  0000000076e89679 5 bytes JMP 000000011001b100
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                                                           0000000076e897d2 5 bytes JMP 000000011001ab80
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                               0000000076e8ee09 5 bytes JMP 000000011001c0c0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                                                                0000000076e8efc9 5 bytes JMP 00000001100180a0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                  0000000076e912a5 5 bytes JMP 000000011001bb80
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                                                   0000000076e9291f 5 bytes JMP 0000000110019330
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                                                     0000000076e92d64 1 byte JMP 00000001100188e0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SetParent + 2                                                                                                                                 0000000076e92d66 3 bytes {JMP 0xffffffff99185b7c}
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                                                  0000000076e92da4 5 bytes JMP 0000000110017e00
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                                                    0000000076e93698 5 bytes JMP 0000000110018b80
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                                  0000000076e93baa 5 bytes JMP 000000011001be20
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                                                            0000000076e93c61 5 bytes JMP 000000011001b8e0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                                                                  0000000076e9612e 5 bytes JMP 000000011001b3a0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                                                                         0000000076e96c30 7 bytes JMP 000000011001c5f0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                             0000000076e97603 5 bytes JMP 000000011001c810
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                                                            0000000076e97668 5 bytes JMP 000000011001a0c0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                                                                          0000000076e976e0 5 bytes JMP 000000011001a600
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                                                           0000000076e9781f 5 bytes JMP 000000011001ae40
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                             0000000076e9835c 5 bytes JMP 000000011001ca80
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                                                            0000000076e9c4b6 5 bytes JMP 00000001100186e0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                                                           0000000076eac112 5 bytes JMP 0000000110019e10
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                                                           0000000076ead0f5 5 bytes JMP 0000000110019b60
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                                              0000000076eaeb96 5 bytes JMP 0000000110019080
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                                                              0000000076eaec68 5 bytes JMP 00000001100195e0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                                                     0000000076eaff4a 5 bytes JMP 0000000110019890
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                                                              0000000076ec9f1d 5 bytes JMP 00000001100182d0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                                                                 0000000076ed1497 5 bytes JMP 0000000110017bf0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                                                                   0000000076ee027b 5 bytes JMP 0000000110029670
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                                                   0000000076ee02bf 5 bytes JMP 0000000110029880
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                                                                          0000000076ee6cfc 5 bytes JMP 000000011001a8c0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                                                            0000000076ee6d5d 5 bytes JMP 000000011001a360
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                                                                    0000000076ee7dd7 5 bytes JMP 00000001100184e0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                                                                       0000000076ee88eb 5 bytes JMP 0000000110018e60
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                                                                       00000000750958b3 5 bytes JMP 0000000110028bc0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                                         0000000075095ea6 5 bytes JMP 00000001100293e0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                                                                      0000000075097bcc 5 bytes JMP 0000000110029cc0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                                     000000007509b895 5 bytes JMP 0000000110028c00
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                                                                        000000007509c332 5 bytes JMP 0000000110029130
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                                                                       000000007509cbfb 5 bytes JMP 0000000110028990
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                                                                      000000007509e743 5 bytes JMP 0000000110029bc0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                                                                         00000000750c4857 5 bytes JMP 0000000110028ea0
.text     C:\Users\Gotfried III\Downloads\2tdj0y06.exe[1172] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                        0000000075572642 5 bytes JMP 0000000110024390
---- Processes - GMER 2.1 ----

Library   C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe [2948](2014-09-13 00:20:58)                                             00000000041c0000
Library   c:\users\gotfri~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslispg.dll (*** suspicious ***) @ C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe [2948](2014-10-13 06:35:43)   0000000004610000
Library   C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe [2948](2013-08-23 19:01:44)                                                   000000006d700000
Library   C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe [2948] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                     000000006a940000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2ba87cea                                                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\SynTP\Parameters@DetectTimeMS                                                                                                                                                            936
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2ba87cea (not active ControlSet)                                                                                                                                 
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\IBM SPSS Statistics 22 \x2013 Pendlerlizenz.lnk  1
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\IBM SPSS Statistics 22 \x2013 Pendlerlizenz.lnk                         1

---- EOF - GMER 2.1 ----
Code:
ATTFilter

	
Code: 

 
ATTFilter


  

	
HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : GOTFRIEDIII-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : GotfriedIII-PC\Gotfried III
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-10-13 14:58:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 27s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 16

   Objects scanned . . . : 1.208.898
   Files scanned . . . . : 14.540
   Remnants scanned  . . : 261.917 files / 932.441 keys

Suspicious files ____________________________________________________________

   C:\Windows\mod_frst.exe
      Size . . . . . . . : 430.080 bytes
      Age  . . . . . . . : 0.2 days (2014-10-13 09:54:13)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 1A4F003A36F73127419BE7611A2C5664524EF0D5668AB2993D5D483DCF3491F2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 26.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      Forensic Cluster
          0.0s C:\Windows\mod_frst.exe
          0.0s C:\Windows\mod_frst.exe


Cookies _____________________________________________________________________

   C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Gotfried III\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\3MF8UKS4.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\8I2L834W.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\INYFOAUZ.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\IPP5WCOE.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\IR743T0J.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\JA26S56V.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\LDYDGQHN.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\LJ5YXZ0A.txt
   C:\Users\Gotfried III\AppData\Roaming\Microsoft\Windows\Cookies\ZTBL32DV.txt
Bitte um Verzeihung, einer zwischendrin ist ohne #

Das waren aber alle, die ich hatte

Alt 14.10.2014, 09:59   #11
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.10.2014, 19:51   #12
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Code:
ATTFilter
ComboFix 14-10-13.01 - Gotfried III 14.10.2014  20:12:06.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.2017 [GMT 2:00]
ausgeführt von:: c:\users\Gotfried III\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\lsprst7.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-14 bis 2014-10-14  ))))))))))))))))))))))))))))))
.
.
2014-10-14 18:18 . 2014-10-14 18:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-13 07:51 . 2014-10-13 07:56	--------	d-----w-	C:\FRST
2014-10-05 11:57 . 2014-10-05 11:57	--------	d-----w-	c:\users\Gotfried III\AppData\Local\IBM
2014-10-05 11:11 . 2014-10-05 11:13	--------	d-----w-	c:\program files\SPSS 22 Win + Amos
2014-10-05 10:17 . 2014-10-05 10:17	--------	d-----w-	c:\program files (x86)\Common Files\COMODO
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-09 21:59 . 2013-01-11 21:20	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 21:59 . 2013-01-11 21:20	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07 . 2014-09-03 07:40	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-03 07:40	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-09-03 07:40	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-10 09:12	374968	----a-w-	c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-10 09:12	23591424	----a-w-	c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-10 09:12	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-10 09:12	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-10 09:12	2793984	----a-w-	c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-10 09:12	5833728	----a-w-	c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-10 09:12	547328	----a-w-	c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-10 09:12	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-10 09:12	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-10 09:12	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-10 09:12	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-10 09:11	4232704	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-10 09:12	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-10 09:12	596480	----a-w-	c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-10 09:12	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-10 09:12	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-10 09:12	758272	----a-w-	c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-10 09:12	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-10 09:12	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-10 09:12	446464	----a-w-	c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-10 09:12	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-10 09:12	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-10 09:12	72704	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-10 09:12	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-10 09:12	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-10 09:12	195584	----a-w-	c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-10 09:12	85504	----a-w-	c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-10 09:12	289280	----a-w-	c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-10 09:12	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-10 09:12	597504	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-10 09:12	727040	----a-w-	c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-10 09:12	707072	----a-w-	c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-10 09:11	2104832	----a-w-	c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-10 09:12	1249280	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-10 09:12	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-10 09:11	13588480	----a-w-	c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-10 09:12	2310656	----a-w-	c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-10 09:11	2014208	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-10 09:12	1068032	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-10 09:11	1447424	----a-w-	c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-10 09:12	1812992	----a-w-	c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-10 09:12	775168	----a-w-	c:\windows\system32\ieapfltr.dll
2014-08-15 18:25 . 2014-08-15 18:25	11176	----a-w-	c:\windows\SysWow64\vpncategories.dll
2014-08-15 18:25 . 2014-08-15 18:25	34216	----a-w-	c:\windows\SysWow64\vpnevents.dll
2014-08-15 18:07 . 2014-08-15 18:07	52592	----a-w-	c:\windows\system32\drivers\vpnva64-6.sys
2014-08-15 18:07 . 2014-08-15 18:07	112496	----a-r-	c:\windows\system32\drivers\acsock64.sys
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2013-06-23 2051]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-09-24 2327248]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-08-15 707496]
.
c:\users\Gotfried III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
Tintenwarnungen überwachen - HP Deskjet 2050 J510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN0B53J05105D1;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2014-9-25 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-08 07:10	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 21:59]
.
2014-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 08:58]
.
2014-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 08:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Gotfried III\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-15 7466600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-05-09 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-05-09 379552]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={E2FBCCD4-018D-4CF3-81C6-8A5A8E619738}&mid=f8a3c197347d47d099c27ceb9e0d2bf9-e9b4920b64c5d82915451d157c85cc3207bb7966&lang=de&ds=pd011&pr=sa&d=2012-09-19 16:31&v=12.1.0.20&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{69E1BA0D-5AC8-49B0-8907-5B7A706D01BF}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{85329B0F-82C4-4F76-9E86-D24D38BC5A2E}: NameServer = 192.168.1.1,156.154.70.22
TCP: Interfaces\{85329B0F-82C4-4F76-9E86-D24D38BC5A2E}\16775637F6D65612: NameServer = 192.168.1.1,156.154.70.22
TCP: Interfaces\{85329B0F-82C4-4F76-9E86-D24D38BC5A2E}\2656C6B696E6534376: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{85329B0F-82C4-4F76-9E86-D24D38BC5A2E}\64259445A51224F6870264F6E60275C414E40273131323: NameServer = 192.168.1.1,156.154.70.22
TCP: Interfaces\{85329B0F-82C4-4F76-9E86-D24D38BC5A2E}\75C414E4D2432454537333: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{85329B0F-82C4-4F76-9E86-D24D38BC5A2E}\C696E6B6379737: NameServer = 8.26.56.26,156.154.70.22
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-14  20:21:10
ComboFix-quarantined-files.txt  2014-10-14 18:21
.
Vor Suchlauf: 12 Verzeichnis(se), 422.010.617.856 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 421.939.142.656 Bytes frei
.
- - End Of File - - D1F5AC47A6CBCF80F5AA49E58A2FA555
Hat nicht gemeckert ^^

Grüße Hyrophonics

Alt 15.10.2014, 18:23   #13
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.10.2014, 08:36   #14
Hyrophonics
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.10.2014
Suchlauf-Zeit: 07:53:46
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.16.02
Rootkit Datenbank: v2014.10.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Gotfried III

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333844
Verstrichene Zeit: 27 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
ATTFilter
# AdwCleaner v4.000 - Bericht erstellt am 16/10/2014 um 08:32:55
# DB v2014-10-15.7
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gotfried III - GOTFRIEDIII-PC
# Gestartet von : C:\Users\Gotfried III\Downloads\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v38.0.2125.101


*************************

AdwCleaner[R0].txt - [1891 octets] - [16/10/2014 08:29:05]
AdwCleaner[S0].txt - [1471 octets] - [16/10/2014 08:32:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1531 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gotfried III on 16.10.2014 at  8:42:22,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.10.2014 at  9:12:56,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Alt 16.10.2014, 18:40   #15
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Standard

Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort
Seite 1 von 2 1 2

Themen zu Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)
browser, fehlercode 0x5, fehlercode 0x80070490, fehlercode 0xc0000005, fehlercode 22, fehlercode windows, fenster, hilfe!, iso-datei, log-datei, logdateien, minuten, nichts, signaturen, this device is disabled. (code 22), version, virensignaturen, werbung, wetter, win, wochen


« windows net-clean lässt sich nicht entfernen | Polizeiseite verlangt Geld & sperrt den Browser »


Ähnliche Themen: Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)


  1. ie11 stürzt mit bsod ab, win7 home premium sp1 64bit
    Log-Analyse und Auswertung - 14.07.2015 (14)
  2. Windows 7 Home Premium 64bit: diverse Virenfunde
    Log-Analyse und Auswertung - 19.03.2015 (19)
  3. Google Chrome öffnet Pop-Up Fenster (Werbung) ohne das ich im Browser etwas mache
    Plagegeister aller Art und deren Bekämpfung - 18.02.2015 (15)
  4. Windows 7 64Bit home Premium sehr langsam
    Log-Analyse und Auswertung - 26.10.2014 (11)
  5. Windows 7 Home Premium: Cursor springt in Zeilen umher / Fenster nicht minimierbar
    Plagegeister aller Art und deren Bekämpfung - 11.10.2014 (7)
  6. Win 7 Home Premium 64Bit - Inkasso Email - ZIP Anhang angeklickt
    Log-Analyse und Auswertung - 06.06.2014 (3)
  7. Windows 7 Home Premium 64Bit, Internet langsam bzw Downloads
    Alles rund um Windows - 04.01.2014 (1)
  8. windows 7 home premium sp1 startet immer um 0 uhr +/- 10 minuten ohne grund
    Alles rund um Windows - 06.11.2013 (4)
  9. Win7 home premium, 64bit. Seit heute ADWARE/BHO.Bprotector.1.2
    Log-Analyse und Auswertung - 13.09.2013 (15)
  10. Kaputt - einer von vielen weißen Bildschirmen! Win7/64bit Home Premium HP Notebook
    Plagegeister aller Art und deren Bekämpfung - 13.05.2013 (26)
  11. GVU Trojaner auf meinem System / Windows 7 Home Premium 64bit
    Log-Analyse und Auswertung - 30.10.2012 (1)
  12. GVU-Trojaner Win7 64Bit Home Premium
    Log-Analyse und Auswertung - 19.09.2012 (13)
  13. Ebenfalls My Start Incredibar eingefangen (Win7 Home Premium 64Bit)
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (22)
  14. BKA Trojaner - Windows 7 Home Premium 64bit
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (17)
  15. Desktop Icons ordnen sich links an - Win7 64bit Home Premium
    Alles rund um Windows - 14.07.2012 (3)
  16. BKA-Trojaner mit Webcam / Win 7 Home Premium 64bit
    Log-Analyse und Auswertung - 13.07.2012 (13)
  17. GEMA-Trojaner (Ukash) auf Windows Home Premium Notebook ohne Wiederherstellungspunkt)
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) - Hi, seit etwa 2 Wochen läuft immer mal wieder für wenige Minuten ein Audiostream (Werbung, Radio, Wetter etc...) auf meinem PC. Es passiert immer nur, wenn ich surfe (Browser ist - Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome)...
Archiv
Du betrachtest: Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19