
Pests of All Kinds and How to Combat Them: Laptop hacked!

07.11.2014, 14:57   #31
Warlord711
/// TB instructor

So ESET found only adware overall, and the message from your firewall was definitely legitimate too, although the firewall's request to allow "Musik" does seem a bit cryptic.

So far I have seen no signs of any infection in either the FRST log or the ESET log.

I don't know what this firewall reported; maybe there is a log that you could post?

07.11.2014, 15:06   #32
hel47

It may well be that someone wants to check whether I am downloading music from the internet when that is forbidden. But I don't do that kind of thing illegally.


07.11.2014, 15:16   #33
Warlord711
/// TB instructor

Seriously?
OK, let's carry on as normal. I'll even go through a few extra tools with you so that you can rest easy ;-)

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


Please download the GMER Rootkit Scanner (the file name is random):
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Are problems occurring?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, untick Devices.

07.11.2014, 20:47   #34
hel47

Results of the security check:
Code:
Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
[b][u]``````````````AntivirusFirewall Check``````````````[b][u] 
 [color=red][b]Windows Security Center service is not running! This report may not be accurate![b][color] 
Microsoft Security Essentials   
Advanced SystemCare Ultimate    
 Antivirus up to date!  
[b][u]`````````Anti-malwareOther Utilities Check`````````[b][u] 
 MVPS Hosts File  
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0.3) 
[b][u]````````Process Check objlist.exe by Laurent````````[b][u]  
 Tall Emu Online Armor OAcat.exe 
 Tall Emu Online Armor oasrv.exe 
 Tall Emu Online Armor oaui.exe 
 Tall Emu Online Armor OAhlp.exe 
 Malwarebytes Anti-Exploit mbae.exe   
 TOSHIBA TOSHIBA Online Product Information TOPI.exe  
 Common Files Microsoft Shared Windows Live AvastSvc.exe -- 
 Common Files Microsoft Shared Windows Live AvastVBoxSVC.exe -- 
 AVAST Software Avast avastui.exe  
[b][u]`````````````````System Health check`````````````````[b][u] 
 Total Fragmentation on Drive C  
[b][u]````````````````````End of Log``````````````````````[b][u]
         
The Gmer.txt file is too long. I can't manage to zip it.

08.11.2014, 12:51   #35
Warlord711
/// TB instructor

Hmm, then attach the .txt to your reply, or split it across several replies - I would prefer the latter option.

08.11.2014, 15:31   #36
hel47

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-07 19:53:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547564A9E384 rev.JEDOA60B 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Helmut\AppData\Local\Temp\kgloyfob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                           fffff80003403000 46 bytes [D3, 92, 89, 7B, 3C, 4C, 14, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                           fffff8000340302f 25 bytes [DE, 38, 2C, 81, C1, C0, 0B, ...]

---- User code sections - GMER 2.1 ----

.text     C:\windows\system32\winlogon.exe[812] C:\windows\system32\USER32.dll!PeekMessageA                                                                                            0000000076db3a18 14 bytes [68, E0, 39, D2, FC, C7, 44, ...]
.text     C:\windows\system32\winlogon.exe[812] C:\windows\system32\USER32.dll!GetMessageA                                                                                             0000000076db6110 14 bytes [68, E0, 38, D2, FC, C7, 44, ...]
.text     C:\windows\system32\winlogon.exe[812] C:\windows\system32\USER32.dll!IsDialogMessageW                                                                                        0000000076db66c0 14 bytes [68, A0, 38, D2, FC, C7, 44, ...]
.text     C:\windows\system32\winlogon.exe[812] C:\windows\system32\USER32.dll!PeekMessageW                                                                                            0000000076db8fd0 14 bytes [68, 80, 3A, D2, FC, C7, 44, ...]
.text     C:\windows\system32\winlogon.exe[812] C:\windows\system32\USER32.dll!GetMessageW                                                                                             0000000076db9e74 14 bytes [68, 60, 39, D2, FC, C7, 44, ...]
.text     C:\windows\system32\winlogon.exe[812] C:\windows\system32\USER32.dll!IsDialogMessage                                                                                         0000000076df3268 14 bytes [68, 60, 38, D2, FC, C7, 44, ...]
.text     C:\Program Files (x86)\Online Armor\oasrv.exe[2068] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                  00000000760d2c9e 4 bytes CALL 71ac0000
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                   00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                 0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                    000007fefd0c9055 3 bytes CALL 9000027
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                                           000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\system32\ole32.dll!CoCreateInstance                                                                                             000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\system32\ole32.dll!CoGetClassObject                                                                                             000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\system32\WS2_32.dll!socket                                                                                                      000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\windows\system32\Dwm.exe[2372] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                                         000007fefa0803c0 6 bytes JMP 60000
.text     C:\windows\Explorer.EXE[2420] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                       00000000770115e0 6 bytes {JMP QWORD [RIP+0x91cea50]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                    0000000077011620 6 bytes {JMP QWORD [RIP+0x91eea10]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                     0000000077011800 6 bytes {JMP QWORD [RIP+0x91ae830]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\kernel32.dll!CreateProcessW                                                                                                0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                                                            0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                                                              0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\kernel32.dll!CreateProcessA                                                                                                0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                        000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                                               000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\ole32.dll!CoCreateInstance                                                                                                 000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\ole32.dll!CoGetClassObject                                                                                                 000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\WS2_32.dll!socket                                                                                                          000007fefe66de90 6 bytes JMP 401
.text     C:\windows\Explorer.EXE[2420] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                                             000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\System32\IPHLPAPI.DLL!IcmpSendEcho2Ex                                                                                               000007fefa367f5c 6 bytes {JMP QWORD [RIP+0x680d4]}
.text     C:\windows\Explorer.EXE[2420] C:\windows\System32\IPHLPAPI.DLL!IcmpSendEcho2                                                                                                 000007fefa36839c 6 bytes {JMP QWORD [RIP+0x47c94]}
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\USER32.dll!GetMessageW                                                 00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\USER32.dll!GetMessageA                                                 0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\USER32.dll!PeekMessageW                                                00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\USER32.dll!PeekMessageA                                                0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\USER32.dll!IsDialogMessage                                             00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                            00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[2964] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155
         
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\USER32.dll!GetMessageW 00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\USER32.dll!PeekMessageW 00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\USER32.dll!IsDialogMessage 00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\USER32.dll!IsDialogMessageW 00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
.text C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\USER32.dll!GetMessageW 00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\USER32.dll!PeekMessageW 00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\USER32.dll!IsDialogMessage 00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\USER32.dll!IsDialogMessageW 00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
.text C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
.text ... * 2
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076128791 5 bytes JMP 000000010067b780
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\USER32.dll!GetMessageW 00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\USER32.dll!PeekMessageW 00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\USER32.dll!IsDialogMessage 00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\USER32.dll!IsDialogMessageW 00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
.text ... * 2
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\kernel32.dll!CreateProcessW 0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\kernel32.dll!WriteProcessMemory 0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\kernel32.dll!VirtualProtectEx 0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\kernel32.dll!CreateProcessA 0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd0c9055 3 bytes [B5, 6F, 06]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\ole32.dll!CoCreateInstanceEx 000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\ole32.dll!CoGetClassObject 000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW

Code:
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                        2             000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\WS2_32.dll!socket                                                                                  000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                           000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\ole32.dll!CoCreateInstance                                                             000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\ole32.dll!CoGetClassObject                                                             000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\WS2_32.dll!socket                                                                      000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                         000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                 00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                              0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                               0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!CreateProcessW                                                                          0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                                      0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                                        0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!CreateProcessA                                                                          0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                  000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserW                                                                    000007fefe6be780 6 bytes JMP 3cc
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateServiceW                                                                          000007fefe6d55c8 6 bytes {JMP QWORD [RIP+0x15aa68]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateServiceA                                                                          000007fefe6eb85c 6 bytes {JMP QWORD [RIP+0x1247d4]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                    000007fefe6fa6f0 6 bytes {JMP QWORD [RIP+0xd5940]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                         000007fefe45de90 6 bytes JMP 18b4815
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ole32.dll!CoCreateInstance                                                                           000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ole32.dll!CoGetClassObject                                                                           000007fefe482e18 6 bytes JMP 5b20c483
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\WS2_32.dll!socket                                                                                    000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                       000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                             00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                           0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!CreateProcessW                                                                      0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                                  0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                                    0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!CreateProcessA                                                                      0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                              000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                     000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\ole32.dll!CoCreateInstance                                                                       000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\ole32.dll!CoGetClassObject                                                                       000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                        3
         
Code:
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                        2             000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\windows\system32\WS2_32.dll!socket                                                                                  000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                           000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\ole32.dll!CoCreateInstance                                                             000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\ole32.dll!CoGetClassObject                                                             000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\WS2_32.dll!socket                                                                      000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe[3772] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                         000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                 00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                              0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                               0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!CreateProcessW                                                                          0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                                      0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                                        0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\kernel32.dll!CreateProcessA                                                                          0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                  000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserW                                                                    000007fefe6be780 6 bytes JMP 3cc
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateServiceW                                                                          000007fefe6d55c8 6 bytes {JMP QWORD [RIP+0x15aa68]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateServiceA                                                                          000007fefe6eb85c 6 bytes {JMP QWORD [RIP+0x1247d4]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                    000007fefe6fa6f0 6 bytes {JMP QWORD [RIP+0xd5940]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                         000007fefe45de90 6 bytes JMP 18b4815
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ole32.dll!CoCreateInstance                                                                           000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\ole32.dll!CoGetClassObject                                                                           000007fefe482e18 6 bytes JMP 5b20c483
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\WS2_32.dll!socket                                                                                    000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3944] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                       000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                             00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                           0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!CreateProcessW                                                                      0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                                  0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                                    0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\kernel32.dll!CreateProcessA                                                                      0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                              000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                     000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\ole32.dll!CoCreateInstance                                                                       000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\ole32.dll!CoGetClassObject                                                                       000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4076] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                        3
         

08.11.2014, 15:48   #37
hel47



Code:
ATTFilter
Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!PostMessageW                                         00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!GetKeyState                                          000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!PostMessageA                                         0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                   0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!PeekMessageA                                         0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SendMessageA                                         000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                    0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                   0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                 00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                    000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!IsDialogMessage                                      00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                     00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                     00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!GetKeyboardState                                     00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                 00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SendInput                                            00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SendInput + 4                                        00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                        00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!keybd_event                                          00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                 00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                 00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                   00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                              00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                          00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!EndTask                                              00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\USER32.dll!EndTask + 4                                          00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\GDI32.dll!DeleteDC                                              0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\GDI32.dll!BitBlt                                                0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\GDI32.dll!CreateDCA                                             0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\GDI32.dll!CreateDCW                                             0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                     0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                     0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                            0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                          0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                            0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                          0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe[5152] C:\windows\syswow64\WS2_32.dll!socket                                               0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                                             0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                                               0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\kernel32.dll!CreateProcessA                                                                                 0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                                000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\ole32.dll!CoCreateInstance                                                                                  000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\ole32.dll!CoGetClassObject                                                                                  000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                              000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\TOSHIBA\TECO\Teco.exe[5176] C:\windows\system32\WS2_32.dll!socket                                                                                           000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                           00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                       00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                      00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                  00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                         00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                     00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                  00000000771c0210 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                              00000000771c0214 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                           00000000771c088c 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                       00000000771c0890 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                         00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                     00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\kernel32.dll!CreateProcessW                                    000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\kernel32.dll!CreateProcessA                                    0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                      00000000761248f3 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                      000000007612499f 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                            00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!GetMessageW                                         00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!GetMessageA                                         0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                  0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendMessageW                                        0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SetWinEventHook                                     000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!RegisterHotKey                                      000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                  000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!PeekMessageW                                        00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!PostMessageW                                        00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!GetKeyState                                         000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!PostMessageA                                        0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                  0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!PeekMessageA                                        0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendMessageA                                        000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                   0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                  0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                   000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!IsDialogMessage                                     00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                    00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                    00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!GetKeyboardState                                    00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendInput                                           00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendInput + 4                                       00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                       00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!keybd_event                                         00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                  00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                             00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                         00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!EndTask                                             00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\USER32.dll!EndTask + 4                                         00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\GDI32.dll!DeleteDC                                             0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\GDI32.dll!BitBlt                                               0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\GDI32.dll!CreateDCA                                            0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\GDI32.dll!CreateDCW                                            0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                    0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                    0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                           0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                         0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                           0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                         0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe[6028] C:\windows\syswow64\WS2_32.dll!socket                                              0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                              00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                           0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                            0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                               000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserW                                                                 000007fefe6be780 6 bytes JMP 3cc
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\ADVAPI32.dll!CreateServiceW                                                                       000007fefe6d55c8 6 bytes {JMP QWORD [RIP+0x15aa68]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\ADVAPI32.dll!CreateServiceA                                                                       000007fefe6eb85c 6 bytes {JMP QWORD [RIP+0x1247d4]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                 000007fefe6fa6f0 6 bytes {JMP QWORD [RIP+0xd5940]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\WS2_32.dll!socket                                                                                 000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                    000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                      000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\ole32.dll!CoCreateInstance                                                                        000007fefe477490 6 bytes JMP 0
.text     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6136] C:\windows\system32\ole32.dll!CoGetClassObject                                                                        000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                          00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                       0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                        0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\KERNEL32.dll!CreateProcessW                                                                   0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\KERNEL32.dll!WriteProcessMemory                                                               0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\KERNEL32.dll!VirtualProtectEx                                                                 0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\KERNEL32.dll!CreateProcessA                                                                   0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                           000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\WS2_32.dll!socket                                                                             000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                  000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\ole32.dll!CoCreateInstance                                                                    000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[5660] C:\windows\system32\ole32.dll!CoGetClassObject                                                                    000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files (x86)\Online Armor\oaui.exe[4568] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                   00000000760d2c9e 4 bytes {CALL QWORD [RIP+0x71ac000a]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\KERNEL32.dll!CreateProcessW                                             0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\KERNEL32.dll!WriteProcessMemory                                         0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\KERNEL32.dll!VirtualProtectEx                                           0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\KERNEL32.dll!CreateProcessA                                             0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                     000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\WS2_32.dll!socket                                                       000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserW                                       000007fefe6be780 6 bytes {JMP QWORD [RIP+0x1318b0]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\ADVAPI32.dll!CreateServiceW                                             000007fefe6d55c8 6 bytes {JMP QWORD [RIP+0x15aa68]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\ADVAPI32.dll!CreateServiceA                                             000007fefe6eb85c 6 bytes {JMP QWORD [RIP+0x1247d4]}
.text     C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[5416] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                       000007fefe6fa6f0 6 bytes JMP 0
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                     00000000771bfd64 3 bytes JMP 711c000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                 00000000771bfd68 2 bytes JMP 711c000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                                00000000771bffa4 3 bytes JMP 7119000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                            00000000771bffa8 2 bytes JMP 7119000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                   00000000771c00b4 3 bytes JMP 711f000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                               00000000771c00b8 2 bytes JMP 711f000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                            00000000771c0210 3 bytes JMP 7110000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                                        00000000771c0214 2 bytes JMP 7110000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                     00000000771c088c 3 bytes JMP 7116000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                 00000000771c0890 2 bytes JMP 7116000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                                   00000000771c17e0 3 bytes JMP 7113000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                               00000000771c17e4 2 bytes JMP 7113000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                           00000000771e2ad3 6 bytes JMP 0000000110057ce0
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                              000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                              0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                                00000000761248f3 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                                000000007612499f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                      00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetSysColor                                                                   0000000076286c3c 5 bytes JMP 00000001100941f0
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetMessageW                                                                   00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetMessageA                                                                   0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                                            0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendMessageW                                                                  0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                               000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                                000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                                            000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!PeekMessageW                                                                  00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!PostMessageW                                                                  00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetKeyState                                                                   000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetSysColorBrush                                                              00000000762935a4 5 bytes JMP 0000000110094230
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!PostMessageA                                                                  0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                                            0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetScrollInfo                                                                 0000000076294018 7 bytes JMP 0000000110096390
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SetScrollInfo                                                                 00000000762940cf 7 bytes JMP 0000000110096420
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!ShowScrollBar                                                                 0000000076294162 5 bytes JMP 00000001100964c0
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetScrollPos                                                                  0000000076294234 5 bytes JMP 00000001100963c0
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!PeekMessageA                                                                  0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendMessageA                                                                  000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                             0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                                            0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                                          00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                             000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SetScrollPos                                                                  00000000762987a5 5 bytes JMP 0000000110096450
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!EnableScrollBar                                                               0000000076298d3a 7 bytes JMP 0000000110096360
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetScrollRange                                                                00000000762990c4 5 bytes JMP 00000001100963f0
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!DrawFrameControl                                                              00000000762a12a1 7 bytes JMP 0000000110094140
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!IsDialogMessage                                                               00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!EndDialog                                                                     00000000762ab99c 5 bytes JMP 0000000110057d50
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                                              00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SetScrollRange                                                                00000000762ad50b 5 bytes JMP 0000000110096480
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                                              00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetKeyboardState                                                              00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                                          00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendInput                                                                     00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendInput + 4                                                                 00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                                 00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!keybd_event                                                                   00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                                          00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                                          00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                                            00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                                       00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                   00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!EndTask                                                                       00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\USER32.dll!EndTask + 4                                                                   00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\GDI32.dll!DeleteDC                                                                       0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\GDI32.dll!BitBlt                                                                         0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\GDI32.dll!CreateDCA                                                                      0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\GDI32.dll!CreateDCW                                                                      0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                              0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                              0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                                     0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                                   0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                                     0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                                   0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!ioctlsocket                                                                   0000000076763084 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!sendto                                                                        00000000767634b5 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!closesocket                                                                   0000000076763918 6 bytes JMP 710d000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!socket                                                                        0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!WSASend                                                                       0000000076764406 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!select                                                                        0000000076766989 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!recv                                                                          0000000076766b0e 6 bytes JMP 70f3000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!connect                                                                       0000000076766bdd 6 bytes JMP 710a000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!send                                                                          0000000076766f01 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!WSARecv                                                                       0000000076767089 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                                                        0000000076767489 6 bytes JMP 70c9000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\WS2_32.dll!WSAAsyncSelect                                                                000000007677b014 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[6108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                            00000000771bfd64 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                        00000000771bfd68 2 bytes [2C, 71]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                       00000000771bffa4 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                   00000000771bffa8 2 bytes [29, 71]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                          00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                      00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                   00000000771c0210 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                               00000000771c0214 2 bytes [20, 71]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                            00000000771c088c 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                        00000000771c0890 2 bytes [26, 71]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                          00000000771c17e0 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                      00000000771c17e4 2 bytes [23, 71]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\KERNEL32.dll!CreateProcessW                                     000000007612103d 6 bytes {JMP QWORD [RIP+0x71a3001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\KERNEL32.dll!CreateProcessA                                     0000000076121072 6 bytes {JMP QWORD [RIP+0x71a6001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\KERNEL32.dll!LoadLibraryW                                       00000000761248f3 6 bytes {JMP QWORD [RIP+0x7132001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\KERNEL32.dll!LoadLibraryA                                       000000007612499f 6 bytes {JMP QWORD [RIP+0x7135001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!ioctlsocket                                          0000000076763084 6 bytes {JMP QWORD [RIP+0x7105001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!sendto                                               00000000767634b5 6 bytes {JMP QWORD [RIP+0x710b001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!closesocket                                          0000000076763918 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!socket                                               0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!WSASend                                              0000000076764406 6 bytes {JMP QWORD [RIP+0x70f6001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!select                                               0000000076766989 6 bytes {JMP QWORD [RIP+0x7108001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!recv                                                 0000000076766b0e 6 bytes {JMP QWORD [RIP+0x70fd001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!connect                                              0000000076766bdd 6 bytes {JMP QWORD [RIP+0x7114001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!send                                                 0000000076766f01 6 bytes {JMP QWORD [RIP+0x710e001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!WSARecv                                              0000000076767089 6 bytes {JMP QWORD [RIP+0x70f9001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                               0000000076767489 6 bytes {JMP QWORD [RIP+0x70f0001e]}
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[4768] C:\windows\syswow64\WS2_32.dll!WSAAsyncSelect                                       000000007677b014 6 bytes {JMP QWORD [RIP+0x7102001e]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                       00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                    0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                     0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\kernel32.dll!CreateProcessW                                                                                0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                                            0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                                              0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\kernel32.dll!CreateProcessA                                                                                0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                        000007fefd0c9055 3 bytes [B5, 6F, 08]
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                               000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\ole32.dll!CoCreateInstance                                                                                 000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\ole32.dll!CoGetClassObject                                                                                 000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\advapi32.DLL!CreateProcessAsUserW                                                                          000007fefe6be780 6 bytes JMP 0
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\advapi32.DLL!CreateServiceW                                                                                000007fefe6d55c8 6 bytes JMP 650037
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\advapi32.DLL!CreateServiceA                                                                                000007fefe6eb85c 6 bytes JMP 0
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\advapi32.DLL!CreateProcessAsUserA                                                                          000007fefe6fa6f0 6 bytes JMP 0
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\WS2_32.dll!socket                                                                                          000007fefe66de90 6 bytes JMP 4
.text     C:\Program Files\Sandboxie\SbieCtrl.exe[5836] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                             000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                      00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                  00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                 00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4             00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                    00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort             00000000771c0210 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4         00000000771c0214 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject      00000000771c088c 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4  00000000771c0890 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                    00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\kernel32.dll!CreateProcessW               000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\kernel32.dll!CreateProcessA               0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\kernel32.dll!LoadLibraryW                 00000000761248f3 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\kernel32.dll!LoadLibraryA                 000000007612499f 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493       00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\GDI32.dll!DeleteDC                        0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\GDI32.dll!BitBlt                          0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\GDI32.dll!CreateDCA                       0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\GDI32.dll!CreateDCW                       0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!GetMessageW                    00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!GetMessageA                    0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!PostThreadMessageW             0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendMessageW                   0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SetWinEventHook                000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!RegisterHotKey                 000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4             000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!PeekMessageW                   00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!PostMessageW                   00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!GetKeyState                    000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!PostMessageA                   0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!PostThreadMessageA             0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!PeekMessageA                   0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendMessageA                   000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SetWindowsHookExW              0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendNotifyMessageW             0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendMessageCallbackW           00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SetWindowsHookExA              000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!IsDialogMessage                00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!IsDialogMessageW               00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
         

Alt 08.11.2014, 15:51   #38
hel47
 



Code:
SB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!GetAsyncKeyState               00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!GetKeyboardState               00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4           00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendInput                      00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendInput + 4                  00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!ExitWindowsEx                  00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!keybd_event                    00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!DdeClientTransaction           00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendMessageCallbackA           00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!SendNotifyMessageA             00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices        00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4    00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!EndTask                        00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\USER32.dll!EndTask + 4                    00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW               0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA               0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW      0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW    0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA      0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA    0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4700] C:\windows\syswow64\WS2_32.dll!socket                         0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                           00000000771bfd64 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                       00000000771bfd68 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                      00000000771bffa4 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                  00000000771bffa8 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                         00000000771c00b4 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                     00000000771c00b8 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                  00000000771c0210 3 bytes JMP 7118000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                              00000000771c0214 2 bytes JMP 7118000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                           00000000771c088c 3 bytes JMP 711e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                       00000000771c0890 2 bytes JMP 711e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                         00000000771c17e0 3 bytes JMP 711b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                     00000000771c17e4 2 bytes JMP 711b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                    000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                    0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                      00000000761248f3 6 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                      000000007612499f 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                            00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!GetMessageW                                                         00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!GetMessageA                                                         0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                                  0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendMessageW                                                        0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                     000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                      000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                                  000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!PeekMessageW                                                        00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!PostMessageW                                                        00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!GetKeyState                                                         000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!PostMessageA                                                        0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                                  0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!PeekMessageA                                                        0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendMessageA                                                        000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                   0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                                  0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                                00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                   000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!IsDialogMessage                                                     00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                                    00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                                    00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!GetKeyboardState                                                    00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                                00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendInput                                                           00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendInput + 4                                                       00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                       00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!keybd_event                                                         00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                                00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                                00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                                  00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                             00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                         00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!EndTask                                                             00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\USER32.dll!EndTask + 4                                                         00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\GDI32.dll!DeleteDC                                                             0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\GDI32.dll!BitBlt                                                               0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\GDI32.dll!CreateDCA                                                            0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\GDI32.dll!CreateDCW                                                            0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                    0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                    0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                           0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                         0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                           0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                         0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\WS2_32.dll!socket                                                              0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4436] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                   00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                               00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                              00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                          00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                 00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                             00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                          00000000771c0210 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                      00000000771c0214 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                   00000000771c088c 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                               00000000771c0890 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                 00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                             00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\kernel32.dll!CreateProcessW                                            000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\kernel32.dll!CreateProcessA                                            0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                              00000000761248f3 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                              000000007612499f 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                    00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!GetMessageW                                                 00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!GetMessageA                                                 0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                          0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendMessageW                                                0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SetWinEventHook                                             000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!RegisterHotKey                                              000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                          000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!PeekMessageW                                                00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!PostMessageW                                                00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!GetKeyState                                                 000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!PostMessageA                                                0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                          0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!PeekMessageA                                                0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendMessageA                                                000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                           0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                          0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                        00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                           000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!IsDialogMessage                                             00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                            00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                            00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!GetKeyboardState                                            00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                        00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendInput                                                   00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendInput + 4                                               00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                               00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!keybd_event                                                 00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                        00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                        00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                          00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                     00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                 00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!EndTask                                                     00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\USER32.dll!EndTask + 4                                                 00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\GDI32.dll!DeleteDC                                                     0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\GDI32.dll!BitBlt                                                       0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\GDI32.dll!CreateDCA                                                    0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\GDI32.dll!CreateDCW                                                    0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                            0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                            0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                   0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                 0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                   0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                 0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe[2500] C:\windows\syswow64\WS2_32.dll!socket                                                      0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                     00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                 00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                                00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                            00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                   00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                               00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                            00000000771c0210 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                                        00000000771c0214 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                     00000000771c088c 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                 00000000771c0890 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                                   00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                               00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                              000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                              0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                                00000000761248f3 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                                000000007612499f 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                      00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\GDI32.dll!DeleteDC                                                                       0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\GDI32.dll!BitBlt                                                                         0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\GDI32.dll!CreateDCA                                                                      0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\GDI32.dll!CreateDCW                                                                      0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!GetMessageW                                                                   00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!GetMessageA                                                                   0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                                            0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendMessageW                                                                  0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                               000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                                000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                                            000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!PeekMessageW                                                                  00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!PostMessageW                                                                  00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!GetKeyState                                                                   000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!PostMessageA                                                                  0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                                            0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!PeekMessageA                                                                  0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendMessageA                                                                  000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                             0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                                            0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                                          00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                             000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!IsDialogMessage                                                               00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                                              00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                                              00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!GetKeyboardState                                                              00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                                          00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendInput                                                                     00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendInput + 4                                                                 00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                                 00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!keybd_event                                                                   00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                                          00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                                          00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                                            00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                                       00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                   00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!EndTask                                                                       00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\USER32.dll!EndTask + 4                                                                   00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                              0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                              0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                                     0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                                   0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                                     0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                                   0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     00000000768414bb 2 bytes [84, 76]                             
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[5624] C:\windows\syswow64\WS2_32.dll!socket                                                                        0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                             00000000771bfd64 3 bytes JMP 7115000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                         00000000771bfd68 2 bytes JMP 7115000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                                        00000000771bffa4 3 bytes JMP 7112000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                                    00000000771bffa8 2 bytes JMP 7112000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                           00000000771c00b4 3 bytes JMP 7118000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                       00000000771c00b8 2 bytes JMP 7118000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                                    00000000771c0210 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                                                00000000771c0214 2 bytes [08, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                             00000000771c088c 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                         00000000771c0890 2 bytes [0E, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                                           00000000771c17e0 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                                       00000000771c17e4 2 bytes [0B, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                      000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                      0000000076121072 6 bytes {JMP QWORD [RIP+0x71a6001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                                        00000000761248f3 6 bytes JMP 711b000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                                        000000007612499f 6 bytes JMP 711e000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                         0000000076128791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                              00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!GetMessageW                                                                           00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!GetMessageA                                                                           0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                                                    0000000076288bff 6 bytes {JMP QWORD [RIP+0x716b001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendMessageW                                                                          0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                                       000000007628ee09 6 bytes {JMP QWORD [RIP+0x717d001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                                        000000007628efc9 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                                                    000000007628efcd 2 bytes [50, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!PeekMessageW                                                                          00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!PostMessageW                                                                          00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!GetKeyState                                                                           000000007629291f 6 bytes {JMP QWORD [RIP+0x7159001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!PostMessageA                                                                          0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                                                    0000000076293c61 6 bytes {JMP QWORD [RIP+0x716e001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!PeekMessageA                                                                          0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendMessageA                                                                          000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                                     0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                                                    0000000076297668 6 bytes {JMP QWORD [RIP+0x7165001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                                                  00000000762976e0 6 bytes {JMP QWORD [RIP+0x715f001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                                     000000007629835c 6 bytes {JMP QWORD [RIP+0x7183001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!IsDialogMessage                                                                       00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                                                      00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                                                      00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!GetKeyboardState                                                                      00000000762aec68 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                                                  00000000762aec6c 2 bytes [53, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendInput                                                                             00000000762aff4a 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendInput + 4                                                                         00000000762aff4e 2 bytes [4D, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                                         00000000762d1497 6 bytes {JMP QWORD [RIP+0x71a0001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!keybd_event                                                                           00000000762e02bf 6 bytes {JMP QWORD [RIP+0x714a001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                                                  00000000762e5f66 6 bytes {JMP QWORD [RIP+0x715c001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                                                  00000000762e6cfc 6 bytes {JMP QWORD [RIP+0x7162001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                                                    00000000762e6d5d 6 bytes {JMP QWORD [RIP+0x7168001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                                               00000000762e88eb 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                           00000000762e88ef 2 bytes [47, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!EndTask                                                                               00000000762ea7ee 3 bytes [FF, 25, 1E]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\USER32.dll!EndTask + 4                                                                           00000000762ea7f2 2 bytes [37, 71]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\GDI32.dll!DeleteDC                                                                               0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\GDI32.dll!BitBlt                                                                                 0000000074c05ea6 6 bytes JMP 713b000a
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\GDI32.dll!CreateDCA                                                                              0000000074c07bcc 6 bytes {JMP QWORD [RIP+0x7144001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\GDI32.dll!CreateDCW                                                                              0000000074c0e743 6 bytes {JMP QWORD [RIP+0x7141001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                      0000000076c570c4 6 bytes {JMP QWORD [RIP+0x7186001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                      0000000076c73264 6 bytes {JMP QWORD [RIP+0x7189001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                                             0000000076c8dc55 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                                           0000000076c8dd22 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                                             0000000076c8ddf7 6 bytes {JMP QWORD [RIP+0x719d001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                                           0000000076c8de9e 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!ioctlsocket                                                                           0000000076763084 6 bytes {JMP QWORD [RIP+0x70ed001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!sendto                                                                                00000000767634b5 6 bytes {JMP QWORD [RIP+0x70f3001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!closesocket                                                                           0000000076763918 6 bytes {JMP QWORD [RIP+0x70ff001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!socket                                                                                0000000076763eb8 6 bytes {JMP QWORD [RIP+0x71ad001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!WSASend                                                                               0000000076764406 6 bytes {JMP QWORD [RIP+0x70da001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!select                                                                                0000000076766989 6 bytes {JMP QWORD [RIP+0x70f0001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!recv                                                                                  0000000076766b0e 6 bytes {JMP QWORD [RIP+0x70e1001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!connect                                                                               0000000076766bdd 6 bytes {JMP QWORD [RIP+0x70fc001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!send                                                                                  0000000076766f01 6 bytes {JMP QWORD [RIP+0x70f6001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!WSARecv                                                                               0000000076767089 6 bytes {JMP QWORD [RIP+0x70dd001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                                                                0000000076767489 6 bytes {JMP QWORD [RIP+0x70d4001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\WS2_32.dll!WSAAsyncSelect                                                                        000000007677b014 6 bytes {JMP QWORD [RIP+0x70ea001e]}
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000076841465 2 bytes [84, 76]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[6244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                             00000000771bfd64 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                         00000000771bfd68 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                        00000000771bffa4 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                    00000000771bffa8 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                           00000000771c00b4 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                       00000000771c00b8 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                    00000000771c0210 3 bytes JMP 7118000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                                00000000771c0214 2 bytes JMP 7118000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                             00000000771c088c 3 bytes JMP 711e000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                         00000000771c0890 2 bytes JMP 711e000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                           00000000771c17e0 3 bytes JMP 711b000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                       00000000771c17e4 2 bytes JMP 711b000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                      000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                      0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\kernel32.dll!CreateThread + 28                                                   00000000761234b1 4 bytes {CALL 0xffffffff8a65ac90}
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                        00000000761248f3 6 bytes JMP 712a000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                        000000007612499f 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                              00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\ADVAPI32.DLL!CreateServiceW                                                      0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\ADVAPI32.DLL!CreateServiceA                                                      0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\ADVAPI32.DLL!InitiateSystemShutdownW                                             0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\ADVAPI32.DLL!InitiateSystemShutdownExW                                           0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\ADVAPI32.DLL!InitiateSystemShutdownA                                             0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\ADVAPI32.DLL!InitiateSystemShutdownExA                                           0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!ioctlsocket                                                           0000000076763084 6 bytes JMP 7103000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!sendto                                                                00000000767634b5 6 bytes JMP 7109000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!closesocket                                                           0000000076763918 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!socket                                                                0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!WSASend                                                               0000000076764406 6 bytes JMP 70f4000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!select                                                                0000000076766989 6 bytes JMP 7106000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!recv                                                                  0000000076766b0e 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!connect                                                               0000000076766bdd 6 bytes JMP 7112000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!send                                                                  0000000076766f01 6 bytes JMP 710c000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!WSARecv                                                               0000000076767089 6 bytes JMP 70f7000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                                                0000000076767489 6 bytes JMP 70ee000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\WS2_32.dll!WSAAsyncSelect                                                        000000007677b014 6 bytes JMP 7100000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\GDI32.dll!DeleteDC                                                               0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\GDI32.dll!BitBlt                                                                 0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\GDI32.dll!CreateDCA                                                              0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\GDI32.dll!CreateDCW                                                              0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!GetMessageW                                                           00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!GetMessageA                                                           0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                                    0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendMessageW                                                          0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                       000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                        000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                                    000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!PeekMessageW                                                          00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!PostMessageW                                                          00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!GetKeyState                                                           000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!PostMessageA                                                          0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                                    0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!PeekMessageA                                                          0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendMessageA                                                          000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                     0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                                    0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                                  00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                     000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!IsDialogMessage                                                       00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                                      00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                                      00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!GetKeyboardState                                                      00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                                  00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendInput                                                             00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendInput + 4                                                         00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                         00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!keybd_event                                                           00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                                  00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                                  00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                                    00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                               00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                           00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!EndTask                                                               00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\USER32.dll!EndTask + 4                                                           00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[6376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                         00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                                 000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\system32\ole32.dll!CoCreateInstance                                                                                   000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\system32\ole32.dll!CoGetClassObject                                                                                   000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\system32\WS2_32.dll!socket                                                                                            000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\windows\system32\wbem\unsecapp.exe[7136] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                               000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                     00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                 00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                            00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                   00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                               00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                            00000000771c0210 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                        00000000771c0214 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                     00000000771c088c 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                 00000000771c0890 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                   00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                               00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\kernel32.dll!CreateProcessW                                              000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\kernel32.dll!CreateProcessA                                              0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                00000000761248f3 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                000000007612499f 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                      00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!GetMessageW                                                   00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!GetMessageA                                                   0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                            0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendMessageW                                                  0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SetWinEventHook                                               000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                            000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!PeekMessageW                                                  00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!PostMessageW                                                  00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!GetKeyState                                                   000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!PostMessageA                                                  0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                            0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!PeekMessageA                                                  0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendMessageA                                                  000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                             0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                            0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                          00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                             000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!IsDialogMessage                                               00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                              00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                              00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!GetKeyboardState                                              00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                          00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendInput                                                     00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendInput + 4                                                 00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                 00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!keybd_event                                                   00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                          00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                          00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                            00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                       00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                   00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!EndTask                                                       00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\USER32.dll!EndTask + 4                                                   00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\GDI32.dll!DeleteDC                                                       0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\GDI32.dll!BitBlt                                                         0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\GDI32.dll!CreateDCA                                                      0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\GDI32.dll!CreateDCW                                                      0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                              0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                              0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                     0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                   0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                     0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                   0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5948] C:\windows\syswow64\WS2_32.dll!socket                                                        0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                         00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                     00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                    00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                       00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                   00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                00000000771c0210 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                            00000000771c0214 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                         00000000771c088c 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                     00000000771c0890 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                       00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                   00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                  000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                  0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                    00000000761248f3 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                    000000007612499f 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                          00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                  0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                  0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                         0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                       0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                         0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                       0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\GDI32.dll!DeleteDC                                                           0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\GDI32.dll!BitBlt                                                             0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\GDI32.dll!CreateDCA                                                          0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\GDI32.dll!CreateDCW                                                          0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetMessageW                                                       00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetMessageA                                                       0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
         

Alt 08.11.2014, 15:57   #39
hel47
 
Code:
ATTFilter
h Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetMessageW                                                       00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetMessageA                                                       0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]             7
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                                0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendMessageW                                                      0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                   000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                    000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                                000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!PeekMessageW                                                      00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!PostMessageW                                                      00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetKeyState                                                       000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!PostMessageA                                                      0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                                0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!PeekMessageA                                                      0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendMessageA                                                      000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                 0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                                0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                              00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                 000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!IsDialogMessage                                                   00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                                  00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                                  00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetKeyboardState                                                  00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                              00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendInput                                                         00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendInput + 4                                                     00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                     00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!keybd_event                                                       00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                              00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                              00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                                00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                           00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                       00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!EndTask                                                           00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\USER32.dll!EndTask + 4                                                       00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[2660] C:\windows\syswow64\WS2_32.dll!socket                                                            0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                   00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                               00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                              00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                          00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                 00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                             00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                          00000000771c0210 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                      00000000771c0214 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                   00000000771c088c 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                               00000000771c0890 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                 00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                             00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\kernel32.dll!CreateProcessW                                            000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\kernel32.dll!CreateProcessA                                            0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                              00000000761248f3 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                              000000007612499f 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                    00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!GetMessageW                                                 00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!GetMessageA                                                 0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                          0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendMessageW                                                0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SetWinEventHook                                             000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!RegisterHotKey                                              000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                          000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!PeekMessageW                                                00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!PostMessageW                                                00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!GetKeyState                                                 000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!PostMessageA                                                0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                          0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!PeekMessageA                                                0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendMessageA                                                000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                           0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                          0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                        00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                           000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!IsDialogMessage                                             00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                            00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                            00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!GetKeyboardState                                            00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                        00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendInput                                                   00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendInput + 4                                               00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                               00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!keybd_event                                                 00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                        00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                        00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                          00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                     00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                 00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!EndTask                                                     00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\USER32.dll!EndTask + 4                                                 00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\GDI32.dll!DeleteDC                                                     0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\GDI32.dll!BitBlt                                                       0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\GDI32.dll!CreateDCA                                                    0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\GDI32.dll!CreateDCW                                                    0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                            0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                            0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                   0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                 0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                   0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                 0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[4916] C:\windows\syswow64\WS2_32.dll!socket                                                      0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                            00000000771bfd64 3 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                        00000000771bfd68 2 bytes JMP 7124000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                       00000000771bffa4 3 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                   00000000771bffa8 2 bytes JMP 7121000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                          00000000771c00b4 3 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                      00000000771c00b8 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                   00000000771c0210 3 bytes JMP 7118000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                               00000000771c0214 2 bytes JMP 7118000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                            00000000771c088c 3 bytes JMP 711e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                        00000000771c0890 2 bytes JMP 711e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                          00000000771c17e0 3 bytes JMP 711b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6876] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                      00000000771c17e4 2 bytes JMP 711b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                     00000000771c00b8 2 bytes JMP 7127000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                  00000000771c0210 3 bytes JMP 7118000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                              00000000771c0214 2 bytes JMP 7118000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                           00000000771c088c 3 bytes JMP 711e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                       00000000771c0890 2 bytes JMP 711e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                         00000000771c17e0 3 bytes JMP 711b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                     00000000771c17e4 2 bytes JMP 711b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                    000000007612103d 6 bytes JMP 71a4000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                    0000000076121072 6 bytes JMP 71a7000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                      00000000761248f3 6 bytes JMP 712a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                      000000007612499f 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                            00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!GetMessageW                                                         00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!GetMessageA                                                         0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!PostThreadMessageW                                                  0000000076288bff 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendMessageW                                                        0000000076289679 6 bytes JMP 7178000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                     000000007628ee09 6 bytes JMP 717e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!RegisterHotKey                                                      000000007628efc9 3 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4                                                  000000007628efcd 2 bytes JMP 7151000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!PeekMessageW                                                        00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!PostMessageW                                                        00000000762912a5 6 bytes JMP 7172000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!GetKeyState                                                         000000007629291f 6 bytes JMP 715a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!PostMessageA                                                        0000000076293baa 6 bytes JMP 7175000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!PostThreadMessageA                                                  0000000076293c61 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!PeekMessageA                                                        0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendMessageA                                                        000000007629612e 6 bytes JMP 717b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                   0000000076297603 6 bytes JMP 7181000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendNotifyMessageW                                                  0000000076297668 6 bytes JMP 7166000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendMessageCallbackW                                                00000000762976e0 6 bytes JMP 7160000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                   000000007629835c 6 bytes JMP 7184000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!IsDialogMessage                                                     00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!IsDialogMessageW                                                    00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!GetAsyncKeyState                                                    00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!GetKeyboardState                                                    00000000762aec68 3 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4                                                00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendInput                                                           00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendInput + 4                                                       00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!ExitWindowsEx                                                       00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!keybd_event                                                         00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!DdeClientTransaction                                                00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendMessageCallbackA                                                00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!SendNotifyMessageA                                                  00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices                                             00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                         00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!EndTask                                                             00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\USER32.dll!EndTask + 4                                                         00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\GDI32.dll!DeleteDC                                                             0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\GDI32.dll!BitBlt                                                               0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\GDI32.dll!CreateDCA                                                            0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\GDI32.dll!CreateDCW                                                            0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                    0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                    0000000076c73264 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                           0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                         0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                           0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                         0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000076841465 2 bytes [84, 76]
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2516] C:\windows\syswow64\WS2_32.dll!socket                                                              0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\kernel32.dll!CreateProcessW                                                         0000000076ec0650 6 bytes {JMP QWORD [RIP+0x917f9e0]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\kernel32.dll!WriteProcessMemory                                                     0000000076eebe80 6 bytes {JMP QWORD [RIP+0x92741b0]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\kernel32.dll!VirtualProtectEx                                                       0000000076eebf20 6 bytes {JMP QWORD [RIP+0x9254110]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\kernel32.dll!CreateProcessA                                                         0000000076f3acf0 6 bytes {JMP QWORD [RIP+0x90e5340]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                 000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                      000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                        000007fefe45de90 6 bytes JMP 0
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\ole32.dll!CoCreateInstance                                                          000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\ole32.dll!CoGetClassObject                                                          000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[6284] C:\windows\system32\WS2_32.dll!socket                                                                   000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                    00000000770115e0 6 bytes {JMP QWORD [RIP+0x92cea50]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                 0000000077011620 6 bytes {JMP QWORD [RIP+0x92eea10]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                  0000000077011800 6 bytes {JMP QWORD [RIP+0x92ae830]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                     000007fefd0c9055 3 bytes [B5, 6F, 06]
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\system32\ole32.dll!CoCreateInstanceEx                                                                            000007fefe45de90 6 bytes {JMP QWORD [RIP+0x4121a0]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\system32\ole32.dll!CoCreateInstance                                                                              000007fefe477490 6 bytes {JMP QWORD [RIP+0x3d8ba0]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\system32\ole32.dll!CoGetClassObject                                                                              000007fefe482e18 6 bytes {JMP QWORD [RIP+0x40d218]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\system32\WS2_32.dll!socket                                                                                       000007fefe66de90 6 bytes {JMP QWORD [RIP+0x1421a0]}
.text     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[7172] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                          000007fefa0803c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                      00000000771bfd64 3 bytes JMP 712d000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                                  00000000771bfd68 2 bytes JMP 712d000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                 00000000771bffa4 3 bytes JMP 712a000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                                             00000000771bffa8 2 bytes JMP 712a000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                    00000000771c00b4 3 bytes JMP 7130000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                                00000000771c00b8 2 bytes JMP 7130000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort                                                                             00000000771c0210 3 bytes JMP 7121000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4                                                                         00000000771c0214 2 bytes JMP 7121000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                      00000000771c088c 3 bytes JMP 7127000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                                  00000000771c0890 2 bytes JMP 7127000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey                                                                                    00000000771c17e0 3 bytes JMP 7124000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\SysWOW64\ntdll.dll!NtRestoreKey + 4                                                                                00000000771c17e4 2 bytes JMP 7124000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                               000000007612103d 6 bytes JMP 71a4000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                               0000000076121072 6 bytes JMP 71a7000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                                                 00000000761248f3 6 bytes JMP 7133000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                                                 000000007612499f 6 bytes JMP 7136000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                       00000000760d2c9e 4 bytes CALL 71ab0000
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!GetMessageW                                                                                    00000000762878e2 6 bytes [68, F0, 38, 0F, 73, C3]
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!GetMessageA                                                                                    0000000076287bd3 6 bytes [68, 50, 38, 0F, 73, C3]
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!PostThreadMessageW                                                                             0000000076288bff 6 bytes JMP 716c000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendMessageW                                                                                   0000000076289679 6 bytes JMP 7178000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SetWinEventHook                                                                                000000007628ee09 6 bytes JMP 717e000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!RegisterHotKey                                                                                 000000007628efc9 3 bytes JMP 7151000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!RegisterHotKey + 4                                                                             000000007628efcd 2 bytes JMP 7151000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!PeekMessageW                                                                                   00000000762905ba 6 bytes [68, 40, 3A, 0F, 73, C3]
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!PostMessageW                                                                                   00000000762912a5 6 bytes JMP 7172000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!GetKeyState                                                                                    000000007629291f 6 bytes JMP 715a000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!PostMessageA                                                                                   0000000076293baa 6 bytes JMP 7175000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!PostThreadMessageA                                                                             0000000076293c61 6 bytes JMP 716f000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!PeekMessageA                                                                                   0000000076295f74 6 bytes [68, 90, 39, 0F, 73, C3]
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendMessageA                                                                                   000000007629612e 6 bytes JMP 717b000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SetWindowsHookExW                                                                              0000000076297603 6 bytes JMP 7181000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendNotifyMessageW                                                                             0000000076297668 6 bytes JMP 7166000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendMessageCallbackW                                                                           00000000762976e0 6 bytes JMP 7160000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SetWindowsHookExA                                                                              000000007629835c 6 bytes JMP 7184000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!IsDialogMessage                                                                                00000000762a50ed 6 bytes [68, 50, 37, 0F, 73, C3]
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!IsDialogMessageW                                                                               00000000762ac701 6 bytes [68, D0, 37, 0F, 73, C3]
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!GetAsyncKeyState                                                                               00000000762aeb96 6 bytes JMP 7157000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!GetKeyboardState                                                                               00000000762aec68 3 bytes JMP 7154000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!GetKeyboardState + 4                                                                           00000000762aec6c 2 bytes JMP 7154000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendInput                                                                                      00000000762aff4a 3 bytes JMP 714e000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendInput + 4                                                                                  00000000762aff4e 2 bytes JMP 714e000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!ExitWindowsEx                                                                                  00000000762d1497 6 bytes JMP 71a1000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!keybd_event                                                                                    00000000762e02bf 6 bytes JMP 714b000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!DdeClientTransaction                                                                           00000000762e5f66 6 bytes JMP 715d000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendMessageCallbackA                                                                           00000000762e6cfc 6 bytes JMP 7163000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!SendNotifyMessageA                                                                             00000000762e6d5d 6 bytes JMP 7169000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!RegisterRawInputDevices                                                                        00000000762e88eb 3 bytes JMP 7148000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!RegisterRawInputDevices + 4                                                                    00000000762e88ef 2 bytes JMP 7148000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!EndTask                                                                                        00000000762ea7ee 3 bytes JMP 7139000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!EndTask + 4                                                                                    00000000762ea7f2 2 bytes JMP 7139000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\GDI32.dll!DeleteDC                                                                                        0000000074c058b3 6 bytes JMP 713f000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\GDI32.dll!BitBlt                                                                                          0000000074c05ea6 6 bytes JMP 713c000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\GDI32.dll!CreateDCA                                                                                       0000000074c07bcc 6 bytes JMP 7145000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\GDI32.dll!CreateDCW                                                                                       0000000074c0e743 6 bytes JMP 7142000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                               0000000076c570c4 6 bytes JMP 7187000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                               0000000076c73264 6 bytes JMP 718a000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW                                                                      0000000076c8dc55 6 bytes JMP 7199000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW                                                                    0000000076c8dd22 6 bytes JMP 7193000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA                                                                      0000000076c8ddf7 6 bytes JMP 719e000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA                                                                    0000000076c8de9e 6 bytes JMP 7196000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\WS2_32.dll!socket                                                                                         0000000076763eb8 6 bytes JMP 71ae000a
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       0000000076841465 2 bytes [84, 76]
.text     C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      00000000768414bb 2 bytes [84, 76]
.text     ...                                                                                                                                                                          * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57b23993                                                                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue                                                                                        0x5C 0x00 0x52 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue                                                                                                  0x5C 0x00 0x52 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue                                                                                               0x5C 0x00 0x52 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime                                                                                              ?Fr?, ?Nov ?07 ?14, 07:31:41????????????????t??????????????????
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57b23993 (not active ControlSet)                                                                              
Reg       HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue                                                                                            0x5C 0x00 0x52 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue                                                                                                      0x5C 0x00 0x52 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue                                                                                                   0x5C 0x00 0x52 0x00 ...
Reg       HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue                                                                                                                            0x5C 0x00 0x52 0x00 ...
Reg       HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue                                                                                                                   0x5C 0x00 0x52 0x00 ...

---- EOF - GMER 2.1 ----
         
That was hard going ;-)
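
As an added example (not part of the original thread and not GMER's own tooling): a small Python parser for the `.text` lines of a GMER log like the one posted above. It groups the reported inline hooks by process and hooked DLL and collects the distinct JMP targets, so a reviewer can see at a glance which APIs are patched and whether the patches follow one pattern. The line layout in the regular expression is an assumption inferred from the lines visible in this log; the sample lines are copied from it.

```python
import re
from collections import defaultdict

# Sample lines copied from the GMER log above (column padding shortened).
SAMPLE = r"""
.text  C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!keybd_event  00000000762e02bf 6 bytes JMP 714b000a
.text  C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!EndTask      00000000762ea7ee 3 bytes JMP 7139000a
.text  C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\user32.dll!EndTask + 4  00000000762ea7f2 2 bytes JMP 7139000a
.text  C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\GDI32.dll!BitBlt        0000000074c05ea6 6 bytes JMP 713c000a
.text  C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\WS2_32.dll!socket       0000000076763eb8 6 bytes JMP 71ae000a
.text  C:\Users\Helmut\Downloads\Gmer-19357.exe[5028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076841465 2 bytes [84, 76]
.text  ...  * 2
"""

# Assumed layout, inferred from the lines above:
# .text <process>[pid] <module>!<function>[ + offset] <address> <n> bytes <patch>
LINE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>.+?)!(?P<func>\S+)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+) bytes\s+(?P<patch>.+?)\s*$"
)

def summarise(log_text):
    """Return (hooks, jmp_targets, other_patches) for the .text entries."""
    hooks = defaultdict(lambda: defaultdict(set))  # (proc, pid) -> dll -> functions
    targets = set()                                # distinct JMP destinations
    other = []                                     # modified bytes that are not a JMP
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "... * 2" repeat markers
        dll = m["dll"].rsplit("\\", 1)[-1].lower()
        if m["patch"].startswith("JMP "):
            # "Func" and "Func + 4" fold into one entry per function
            hooks[(m["proc"], int(m["pid"]))][dll].add(m["func"])
            targets.add(int(m["patch"][4:], 16))
        else:
            other.append((dll, m["func"], m["patch"]))
    return hooks, targets, other

def report(log_text):
    """Render the summary as text, one line per process and hooked DLL."""
    hooks, targets, other = summarise(log_text)
    lines = []
    for (proc, pid), dlls in hooks.items():
        for dll, funcs in sorted(dlls.items()):
            lines.append(f"{proc}[{pid}] {dll}: {', '.join(sorted(funcs))}")
    low = sorted({t & 0xFFFF for t in targets})
    lines.append(f"{len(targets)} JMP targets, low 16 bits: {[hex(x) for x in low]}")
    lines.append(f"{len(other)} non-JMP byte patches: {other}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

The script only condenses the log; attributing the hooks still means identifying which loaded module owns the JMP target addresses.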

10.11.2014, 11:49   #40
hel47

What about the 32 files found by the ESET Online Scanner, can I delete them?

10.11.2014, 13:46   #41
Warlord711
/// TB Instructor

Odd, I had already posted a reply earlier - or so I thought.

There was only adware on the system, no malware, no hack, no virus.

You don't need to delete anything else; I had created a fix for you.
The items in quarantine get thrown out now:

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without worry.



Finally, I have a few tips for securing your system.

Change all your passwords regularly; now, after the cleanup, is an ideal time to do so
  • use a different password for every application and every account
  • change your password regularly; this is very important above all for online banking or your email inbox
  • do not store passwords on your PC, and do not pass them on to third parties
  • a secure password consists of at least 8 characters and contains upper- and lower-case letters, digits and special characters
  • do not use digit or letter sequences (e.g. 12345678, qwertzui), nor digit or letter patterns
  • do not use passwords that relate to you, your place of residence, a family member or a pet (date of birth, postcode, address, name)

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7 / 8: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus program and additional protection
  • Make sure that you only ever have one anti-virus program installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the latest version directly to your desktop.
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: I have a few useful add-ons for this browser here
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    They do your system more harm than good. Here is a link in English:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it prompts you to and looks nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers often come bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

10.11.2014, 16:47   #42
hel47

So far so good, everything is done. I already had Adblock Plus and NoScript installed. After DelFix the laptop did not reboot. I had to step in manually. For half an hour there were no icons on the white desktop (only a brief message, reboot failed). One thing still bothers me:
Every time I start Firefox, I get a different Firefox for 1 second, and where Adblock Plus is there is a telephone handset. After 1 second the normal Firefox is back! Could it be that a parallel connection is running???
E.g.: the BND wants to monitor encrypted connections!

Edited by hel47 (10.11.2014 at 16:58)

10.11.2014, 20:08   #43
Warlord711
/// TB Instructor

You can try

a) Starting Firefox without add-ons - https://support.mozilla.org/de/kb/fi...icherter-modus
See whether it works then, and switch on one add-on after another

b) Testing Firefox with a new profile https://support.mozilla.org/de/kb/fi...n-und-loeschen


or completely uninstalling Firefox with the help of Revo Uninstaller, including all leftovers, and reinstalling it.

You can export your bookmarks, after all.

11.11.2014, 11:32   #44
hel47

Started Firefox without add-ons, same result. I have backed up the bookmarks and will remove Firefox completely and reinstall it. By the way, I had started Opera once. A message appeared saying that I should start a new update. But I deliberately did not do that; I neither clicked OK on the message nor closed it, but only dragged it to the bottom bar and left it there. At short intervals the message came a 2nd and a 3rd time; I only dragged those down as well. If I had confirmed it with OK, something would have been installed that I did not want. That is how it was with Firefox.
I don't think I will get rid of the ghosts. Thank you for your effort for now.
I would then have to download the new Firefox via Opera, right?

11.11.2014, 11:41   #45
Warlord711
/// TB Instructor

If you uninstall the old Firefox first, you'll have to install it via Opera or IE ;-)
