Log analysis and evaluation: Win7: Email sends spam mails
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.12.2014, 19:17 | #1 |
| Win7: Email sends spam mails
Good evening, the computer has Web.de and Outlook with 3 e-mail accounts on it (the computer is shared), and on Tuesday everyone in my aunt's contact list received an e-mail with some kind of invoice (the link was not clicked!). Unfortunately, Comodo Internet Security stops at 67% and does nothing more. We are now doing nothing on the computer except Excel/Word work, because it feels too unsafe to us. But we need the computer very urgently. |
04.12.2014, 19:26 | #2 |
/// the machine /// TB trainer | Win7: Email sends spam mails
Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. Here is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
04.12.2014, 19:32 | #3 |
| Win7: Email sends spam mails
Oh, I see, sorry. I had read that you should attach the log files if they are too large. :-)
__________________
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:42 on 04/12/2014 (DSG_01)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-04 18:56:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FALS-40U9B0 rev.20.04F20 931,51GB
Running: 6sxxj7rx.exe; Driver: C:\Users\DSG_01\AppData\Local\Temp\ffdirpob.sys

---- User code sections - GMER 2.1 ----
C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd830228 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830378 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff53a6f0 1 byte JMP 000007fffd830180 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007feff53a6f2 5 bytes {JMP 0xfffffffffe2f5a90} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000778c98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[992] 
C:\Windows\system32\kernel32.dll!CreateProcessW 00000000778e0650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007795acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007795acf2 5 bytes {JMP 0xfffffffff8695490} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000778c98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000778e0650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007795acf0 1 byte JMP 000000016fff0180 .text 
C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007795acf2 5 bytes {JMP 0xfffffffff8695490} .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\atiesrxx.exe[132] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text 
C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\System32\svchost.exe[372] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\System32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\System32\svchost.exe[372] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Windows\System32\svchost.exe[484] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 
000000016fff0b20 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000778c98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000778e0650 12 bytes JMP 000000016fff0148 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007795acf0 1 byte JMP 000000016fff0180 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007795acf2 5 bytes {JMP 0xfffffffff8695490} .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!PlgBlt 
000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff53a6f0 1 byte JMP 000007fffd830180 .text C:\Windows\System32\svchost.exe[484] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007feff53a6f2 5 bytes {JMP 0xfffffffffe2f5a90} .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 |
04.12.2014, 19:33 | #4 |
| Win7: Email sends spam mails Code:
C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\atieclxx.exe[1272] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Windows\System32\spoolsv.exe[1508] 
C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 
0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\System32\spoolsv.exe[1508] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 
bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text 
C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff403e80 5 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd830308 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd830228 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830378 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff53a6f0 1 byte JMP 000007fffd830180 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007feff53a6f2 5 bytes {JMP 0xfffffffffe2f5a90} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] 
C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e31072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075e5c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075c7f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000759e8bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000759e90d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000759e9679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000759e97d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000759eee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000759eefc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000759f12a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000759f291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SetParent 00000000759f2d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SetParent + 2 00000000759f2d66 3 bytes {JMP 0xffffffff9a625b7c} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000759f2da4 5 bytes JMP 0000000110017e00 .text C:\Program 
Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000759f3698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000759f3baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000759f3c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000759f612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000759f6c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759f7603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000759f7668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000759f76e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000759f781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendInput 0000000075a0ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a29f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075a31497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075a4027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075a402bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075a46cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075a46d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075a47dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075a488eb 5 bytes JMP 0000000110018e60 .text 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000776b58b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000776b5ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000776b7bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000776bb895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000776bc332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000776bcbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000776be743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\GDI32.dll!PlgBlt 00000000776e4857 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 
000000011002dfa0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 
000000011002be90 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1708] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 
04.12.2014, 19:34 | #5 |
| Win7: Email is sending spam mails
Code:
000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] 
C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 0000000110024f30 .text C:\Program Files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e31072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075e5c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075c7f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000759e8bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000759e90d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000759e9679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000759e97d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000759eee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000759eefc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000759f12a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000759f291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SetParent 
00000000759f2d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SetParent + 2 00000000759f2d66 3 bytes {JMP 0xffffffff9a625b7c} .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000759f2da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000759f3698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000759f3baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000759f3c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000759f612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000759f6c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759f7603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000759f7668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000759f76e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000759f781f 5 bytes JMP 000000011001ae40 .text C:\Program Files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendInput 0000000075a0ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a29f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075a31497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075a4027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075a402bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075a46cfc 5 
bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075a46d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075a47dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075a488eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000776b58b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000776b5ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000776b7bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000776bb895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000776bc332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000776bcbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000776be743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\GDI32.dll!PlgBlt 00000000776e4857 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[536] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 
0000000110024390 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files (x86)\TuneUp 
Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Program 
Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[1364] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 
000000016fff0c00 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text 
C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff53a6f0 1 byte JMP 000007fffd830180 .text C:\Windows\system32\taskhost.exe[2232] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007feff53a6f2 5 bytes {JMP 0xfffffffffe2f5a90} .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\svchost.exe[2528] 
C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\svchost.exe[2528] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!StretchBlt 
000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\svchost.exe[2716] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Program Files 
|
04.12.2014, 19:35 | #6 |
| Win7: Email sends spam mails Code:
(x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!SendInput 0000000075a0ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a29f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075a31497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075a4027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075a402bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075a46cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] 
C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075a46d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075a47dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075a488eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000776b58b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000776b5ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000776b7bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000776bb895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000776bc332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000776bcbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000776be743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\GDI32.dll!PlgBlt 00000000776e4857 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3192] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Program Files 
(x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 
0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Program Files 
(x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe[3200] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Program Files\Microsoft 
Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 
000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Program Files\Microsoft Device Center\itype.exe[3412] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text 
C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] 
C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd8302d0 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830308 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd830340 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd8303b0 .text C:\Program Files\Microsoft Device Center\ipoint.exe[3428] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830378 .text 
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 000000011002be90 .text 
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 0000000110024f30 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e31072 5 bytes JMP 0000000110025ac0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075e5c9b5 5 bytes JMP 0000000110023a60 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075c7f784 5 bytes JMP 000000011001d1d0 .text 
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000759e8bff 5 bytes JMP 000000011001b640 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000759e90d3 7 bytes JMP 000000011001c3d0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000759e9679 5 bytes JMP 000000011001b100 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000759e97d2 5 bytes JMP 000000011001ab80 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000759eee09 5 bytes JMP 000000011001c0c0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000759eefc9 5 bytes JMP 00000001100180a0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000759f12a5 5 bytes JMP 000000011001bb80 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000759f291f 5 bytes JMP 0000000110019330 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SetParent 00000000759f2d64 1 byte JMP 00000001100188e0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SetParent + 2 00000000759f2d66 3 bytes {JMP 0xffffffff9a625b7c} .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000759f2da4 5 bytes JMP 0000000110017e00 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000759f3698 5 bytes JMP 0000000110018b80 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000759f3baa 5 bytes JMP 000000011001be20 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] 
C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000759f3c61 5 bytes JMP 000000011001b8e0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000759f612e 5 bytes JMP 000000011001b3a0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000759f6c30 7 bytes JMP 000000011001c5f0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759f7603 5 bytes JMP 000000011001c810 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000759f7668 5 bytes JMP 000000011001a0c0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000759f76e0 5 bytes JMP 000000011001a600 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000759f781f 5 bytes JMP 000000011001ae40 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3508] 
|
04.12.2014, 19:37 | #7 |
| Win7: Email sends spam mails
Code:
ATTFilter .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4072] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\WEB.DE 
MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] 
C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e31072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075e5c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075c7f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000759e8bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000759e90d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000759e9679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000759e97d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000759eee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000759eefc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] 
C:\Windows\syswow64\USER32.dll!PostMessageW 00000000759f12a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000759f291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SetParent 00000000759f2d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SetParent + 2 00000000759f2d66 3 bytes {JMP 0xffffffff9a625b7c} .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000759f2da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000759f3698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000759f3baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000759f3c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000759f612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000759f6c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759f7603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000759f7668 5 bytes JMP 
000000011001a0c0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000759f76e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000759f781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendInput 0000000075a0ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a29f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075a31497 5 bytes JMP 0000000110017bf0 .text C:\Program Files 
(x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075a4027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075a402bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075a46cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075a46d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075a47dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075a488eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000776b58b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000776b5ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000776b7bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000776bb895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000776bc332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!GetPixel 
00000000776bcbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000776be743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\GDI32.dll!PlgBlt 00000000776e4857 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75] .text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75] .text ... * 2 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Program Files 
(x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] 
C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e31072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075e5c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075c7f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000759e8bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000759e90d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000759e9679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000759e97d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000759eee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000759eefc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000759f12a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!GetKeyState 
00000000759f291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SetParent 00000000759f2d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SetParent + 2 00000000759f2d66 3 bytes {JMP 0xffffffff9a625b7c} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000759f2da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000759f3698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000759f3baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000759f3c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000759f612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000759f6c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759f7603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000759f7668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000759f76e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000759f781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\Program Files 
(x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendInput 0000000075a0ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a29f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075a31497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075a4027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075a402bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075a46cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075a46d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075a47dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] 
C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075a488eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000776b58b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000776b5ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000776b7bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000776bb895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000776bc332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000776bcbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000776be743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\GDI32.dll!PlgBlt 00000000776e4857 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[440] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 0000000110024390 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Program 
Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] 
C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW 00000000778c98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\KERNEL32.dll!CreateProcessW 00000000778e0650 12 bytes JMP 000000016fff0148 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\KERNEL32.dll!CreateProcessA 000000007795acf0 1 byte JMP 000000016fff0180 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\KERNEL32.dll!CreateProcessA + 2 000000007795acf2 5 bytes {JMP 0xfffffffff8695490} .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] 
C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Program Files\Netzmanager\netzmanager.exe[3880] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] 
C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} 
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e31072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075e5c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075c7f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000776b58b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000776b5ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000776b7bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000776bb895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000776bc332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000776bcbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000776be743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\GDI32.dll!PlgBlt 00000000776e4857 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000759e8bff 5 bytes JMP 
000000011001b640 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000759e90d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000759e9679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000759e97d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000759eee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000759eefc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000759f12a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000759f291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SetParent 00000000759f2d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SetParent + 2 00000000759f2d66 3 bytes {JMP 0xffffffff9a625b7c} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000759f2da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000759f3698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000759f3baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 
00000000759f3c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000759f612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000759f6c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759f7603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000759f7668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000759f76e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000759f781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files 
(x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendInput 0000000075a0ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a29f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075a31497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075a4027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075a402bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075a46cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075a46d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075a47dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075a488eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3844] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 0000000110024390 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b03b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b07ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b313a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[4128] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077b315e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b316c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b31800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077b319f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077b31bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077b31d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077b32130 8 
bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\servicing\TrustedInstaller.exe[3864] 
C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\servicing\TrustedInstaller.exe[3864] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text 
C:\Windows\System32\svchost.exe[2104] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdaf53c0 7 bytes JMP 000007fffd830148 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefde822cc 5 bytes JMP 000007fffd830260 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!BitBlt 000007fefde824c0 5 bytes JMP 000007fffd830298 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefde85bf0 5 bytes JMP 000007fffd8302d0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefde88398 9 bytes JMP 000007fffd8301f0 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefde889d8 9 bytes JMP 000007fffd8301b8 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!GetPixel 000007fefde89344 5 bytes JMP 000007fffd830228 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefde8b9f8 5 bytes JMP 000007fffd830340 .text C:\Windows\system32\svchost.exe[716] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefde8c8e0 5 bytes JMP 000007fffd830308 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077cdf9e0 5 bytes JMP 000000011001d080 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cdfcb0 5 bytes JMP 000000011002fac0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077cdfd64 5 bytes JMP 000000011002dfa0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077cdfdc8 5 bytes JMP 000000011002ec30 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077cdfec0 5 bytes JMP 
000000011002c270 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077cdffa4 5 bytes JMP 000000011002e640 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ce0004 5 bytes JMP 000000011002ff20 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077ce0084 5 bytes JMP 000000011002fce0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ce00b4 5 bytes JMP 000000011002e2a0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077ce03b8 5 bytes JMP 000000011002cc90 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ce0550 5 bytes JMP 000000011002b520 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077ce0694 5 bytes JMP 000000011002f750 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ce088c 5 bytes JMP 000000011002be90 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077ce08a4 5 bytes JMP 000000011002c8f0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077ce0df4 5 bytes JMP 000000011002f540 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077ce0ed8 5 bytes JMP 000000011002f0c0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077ce1be4 5 bytes JMP 000000011002f300 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077ce1cb4 5 bytes JMP 000000011002c520 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] 
C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077ce1d8c 5 bytes JMP 000000011002eec0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cfc4dd 5 bytes JMP 0000000110027df0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d01287 1 byte JMP 000000011001d1a0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077d01289 5 bytes {JMP 0xffffffff9831bf19} .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e3103d 5 bytes JMP 0000000110024f30 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e31072 5 bytes JMP 0000000110025ac0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075e5c9b5 5 bytes JMP 0000000110023a60 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075c7f784 5 bytes JMP 000000011001d1d0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000759e8bff 5 bytes JMP 000000011001b640 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000759e90d3 7 bytes JMP 000000011001c3d0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000759e9679 5 bytes JMP 000000011001b100 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000759e97d2 5 bytes JMP 000000011001ab80 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000759eee09 5 bytes JMP 000000011001c0c0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000759eefc9 5 bytes JMP 00000001100180a0 
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000759f12a5 5 bytes JMP 000000011001bb80 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000759f291f 5 bytes JMP 0000000110019330 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SetParent 00000000759f2d64 1 byte JMP 00000001100188e0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SetParent + 2 00000000759f2d66 3 bytes {JMP 0xffffffff9a625b7c} .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000759f2da4 5 bytes JMP 0000000110017e00 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000759f3698 5 bytes JMP 0000000110018b80 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000759f3baa 5 bytes JMP 000000011001be20 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000759f3c61 5 bytes JMP 000000011001b8e0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000759f612e 5 bytes JMP 000000011001b3a0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000759f6c30 7 bytes JMP 000000011001c5f0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759f7603 5 bytes JMP 000000011001c810 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000759f7668 5 bytes JMP 000000011001a0c0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000759f76e0 5 bytes JMP 000000011001a600 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000759f781f 5 bytes JMP 
000000011001ae40 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000759f835c 5 bytes JMP 000000011001ca80 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000759fc4b6 5 bytes JMP 00000001100186e0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075a0c112 5 bytes JMP 0000000110019e10 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075a0d0f5 5 bytes JMP 0000000110019b60 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075a0eb96 5 bytes JMP 0000000110019080 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075a0ec68 5 bytes JMP 00000001100195e0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendInput 0000000075a0ff4a 5 bytes JMP 0000000110019890 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075a29f1d 5 bytes JMP 00000001100182d0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075a31497 5 bytes JMP 0000000110017bf0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075a4027b 5 bytes JMP 0000000110029670 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075a402bf 5 bytes JMP 0000000110029880 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075a46cfc 5 bytes JMP 000000011001a8c0 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075a46d5d 5 bytes JMP 000000011001a360 .text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!BlockInput 
0000000075a47dd7 5 bytes JMP 00000001100184e0
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075a488eb 5 bytes JMP 0000000110018e60
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000776b58b3 5 bytes JMP 0000000110028bc0
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000776b5ea6 5 bytes JMP 00000001100293e0
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000776b7bcc 5 bytes JMP 0000000110029cc0
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000776bb895 5 bytes JMP 0000000110028c00
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000776bc332 5 bytes JMP 0000000110029130
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000776bcbfb 5 bytes JMP 0000000110028990
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000776be743 5 bytes JMP 0000000110029bc0
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\GDI32.dll!PlgBlt 00000000776e4857 5 bytes JMP 0000000110028ea0
.text C:\Users\DSG_01\Downloads\6sxxj7rx.exe[1752] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076e82642 5 bytes JMP 0000000110024390

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\64b9e8ec7356
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\64b9e8ec7356 (not active ControlSet)

---- EOF - GMER 2.1 ----

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by DSG_01 (administrator) on DSG_01-PC on 04-12-2014 18:46:27
Running from C:\Users\DSG_01\Downloads
Loaded Profile: DSG_01 (Available profiles: DSG_01)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9569096 2012-03-11] (COMODO)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [389840 2012-03-11] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301224 2012-03-11] (COMODO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSPrintUser.lnk
ShortcutTarget: TSPrintUser.lnk -> C:\Program Files (x86)\TerminalWorks\TSPrint\TSPrintUser.exe (TerminalWorks Ltd.)
Startup: C:\Users\DSG_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\DSG_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2383648940-101104340-1764069913-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x794E4A265588CD01
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> DefaultScope {69EBF962-AEEE-4404-A9FC-A0368F0BE7F7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {3E47E648-163F-41C9-BA8D-B126C0CE87A8} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {69EBF962-AEEE-4404-A9FC-A0368F0BE7F7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {9FC7C048-04F4-42A6-8501-5E5A76F9A228} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {CDA413A4-F7C1-469E-9836-B4A65E42A51F} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\DSG_01\AppData\Roaming\Mozilla\Firefox\Profiles\8898exns.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (McAfee Security Scan+) - C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-01] CHR Extension: (Google Wallet) - C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2815496 2012-03-11] (COMODO) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-10-22] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22696 2012-03-11] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [577824 2012-03-11] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43248 2012-03-11] (COMODO) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-01] (DT Soft Ltd) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [93200 2012-02-03] (COMODO) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-09-01] (Duplex Secure Ltd.) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-04 18:46 - 2014-12-04 18:47 - 00015154 _____ () C:\Users\DSG_01\Downloads\FRST.txt 2014-12-04 18:46 - 2014-12-04 18:46 - 00000000 ____D () C:\FRST 2014-12-04 18:45 - 2014-12-04 18:45 - 02117632 _____ (Farbar) C:\Users\DSG_01\Downloads\FRST64.exe 2014-12-04 18:42 - 2014-12-04 18:42 - 00000584 _____ () C:\Users\DSG_01\Downloads\defogger_disable.log 2014-12-04 18:42 - 2014-12-04 18:42 - 00000020 _____ () C:\Users\DSG_01\defogger_reenable 2014-12-04 18:41 - 2014-12-04 18:41 - 00050477 _____ () C:\Users\DSG_01\Downloads\Defogger.exe 2014-12-04 18:40 - 2014-12-04 18:40 - 00000000 ____D () C:\Users\DSG_01\Desktop\Antivir-Sachen 2014-12-04 18:35 - 2014-12-04 18:35 - 05600479 _____ (Swearware) C:\Users\DSG_01\Downloads\ComboFix.exe 2014-12-02 17:52 - 2014-12-02 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2014-11-28 13:56 - 2014-11-28 13:56 - 00000000 ____D () C:\ProgramData\UUdb 2014-11-27 18:05 - 2014-11-27 18:05 - 03377971 _____ () C:\Users\DSG_01\Desktop\IMG_4784.MOV 2014-11-26 18:25 - 2014-11-26 18:25 - 00010833 _____ () C:\Users\DSG_01\Desktop\Weihnachtsmarkt Stundenzettel.xlsx 2014-11-18 08:55 - 2014-11-18 08:55 - 00000196 _____ () C:\Users\DSG_01\AppData\Roaming\ms3586283.bat 2014-11-18 08:54 - 2014-11-18 08:54 - 00000230 _____ () C:\Users\DSG_01\AppData\Roaming\ms478354.bat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-04 18:46 - 2012-09-01 13:36 - 01855275 _____ () C:\Windows\WindowsUpdate.log 2014-12-04 18:43 - 2012-09-10 15:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-04 18:43 - 2012-09-02 14:31 - 00066178 _____ () C:\Windows\setupact.log 2014-12-04 18:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-04 18:43 - 2009-07-14 05:45 - 00342848 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-04 18:42 - 2012-09-01 16:05 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat 2014-12-04 18:42 - 2012-09-01 13:36 - 00000000 ____D () C:\Users\DSG_01 2014-12-04 18:42 - 2009-07-14 05:45 - 00022432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-04 18:42 - 2009-07-14 05:45 - 00022432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-04 18:34 - 2012-09-10 15:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-04 18:32 - 2012-09-10 12:49 - 00000000 ____D () C:\Users\DSG_01\Documents\Outlook-Dateien 2014-12-04 18:15 - 2012-09-01 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-04 17:50 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\Kiosk 2014-12-04 17:25 - 2014-08-19 17:08 - 00000000 ____D () C:\Users\DSG_01\Desktop\Djole 2014-12-03 12:06 - 2012-12-08 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-03 08:50 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\DSJ 2014-12-03 08:50 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\DSA 2014-12-03 08:49 - 2014-08-31 16:15 - 00000000 ____D () C:\Users\DSG_01\Desktop\Rg DSA 2014-12-03 08:49 - 2014-08-26 16:57 - 00000000 ____D () C:\Users\DSG_01\Desktop\DSA Angebote 2014-11-28 13:56 - 2014-03-04 12:26 - 00003876 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2014-11-28 13:56 - 2014-03-04 12:26 - 00001968 
_____ () C:\Users\DSG_01\Desktop\WEB.DE.lnk 2014-11-28 13:56 - 2014-03-04 12:26 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2014-11-27 16:11 - 2009-07-14 18:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-11-27 16:11 - 2009-07-14 18:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-11-27 16:11 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-26 12:10 - 2012-09-01 17:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 12:10 - 2012-09-01 17:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-26 12:10 - 2012-09-01 17:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-24 15:48 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\Muddan Privat 2014-11-18 20:25 - 2014-08-06 17:12 - 00000000 ____D () C:\ProgramData\Netzmanager 2014-11-17 19:46 - 2014-08-24 09:27 - 00790528 _____ () C:\Users\DSG_01\Desktop\Reisekostentabelle 2014 HH-HR 978.xls 2014-11-17 19:32 - 2014-08-24 09:22 - 00791552 _____ () C:\Users\DSG_01\Desktop\Reisekostentabelle 2014 HH-HR 1978.xls 2014-11-17 17:42 - 2014-08-13 16:25 - 00000000 ____D () C:\Users\DSG_01\AppData\Local\Deployment 2014-11-13 08:29 - 2012-09-10 15:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-13 08:29 - 2012-09-10 15:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\Users\DSG_01\jagex_cl_runescape_LIVE.dat C:\Users\DSG_01\random.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-25 11:36
==================== End Of Log ============================ |
04.12.2014, 19:37 | #8 |
| Win7: Email is sending spam mails Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014 Ran by DSG_01 at 2014-12-04 18:47:49 Running from C:\Users\DSG_01\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {458BB331-2324-0753-3D5F-1472EB102AC0} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.25.0 - Brother Industries, Ltd.) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) CMS (HKLM-x32\...\CMS) (Version: - ) COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.) 
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd) DiskPlayer (HKLM-x32\...\DiskPlayer1.0) (Version: 1.0 - ) DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle) KingBill-ONLINE (HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\690feb82fd2d4d2e) (Version: 1.0.0.7 - KingBill GmbH) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation) Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - ) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG) Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) Player (HKLM-x32\...\Player) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) SafeGuard® PrivateCrypto 2.31.1 (HKLM-x32\...\{9CB59E92-98BB-4BE9-9CA2-66FD929EB57A}) (Version: 2.31.1.2 - Utimaco Safeware AG - a member of the Sophos Group) Scansoft PDF Professional (x32 Version: - ) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) TSPrint Client (HKLM-x32\...\{11E91AF3-0B2A-4FE5-9D2F-CC3EDF2C0EBE}_is1) (Version: 1.9.10.0 - TerminalWorks, Inc.) TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.151 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3600.151 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.151 - TuneUp Software) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) 
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version: - Microsoft Corporation) WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH) WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH) Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\2CD6536AAFFF9B465A871060CF483EC9F3341D29) (Version: 06/27/2007 2.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (HKLM\...\0B6B49213CF56838AFC233905FA14AC47EAA9B28) (Version: 10/05/2010 3.2.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\70C7CBB0824BF74552A2F28F5FFBF62A15053DA8) (Version: 10/25/2007 2.0.1.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. 
Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8) (Version: 05/05/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\455287ECCB4BABCDE9C6713B82B1BDA990D55398) (Version: 05/05/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\F08FFCF5C857951E0CC5F736988F3D01BF425252) (Version: 05/05/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (HKLM\...\D76172B51B1ECB34E38F97F42F51B7A46FA15F52) (Version: 04/05/2011 3.2.0.8 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0A897639A1D288A8B472FE790EBF9DB71E52ACF) (Version: 07/13/2009 3.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\76830D11874044260C923425E7F5A72F25EDA758) (Version: 07/13/2009 3.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (HKLM\...\C7DD621795A42EAE550280D4D7601459F35C4EC2) (Version: 01/17/2011 3.2.0.0 - Apple Inc.) Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.) 
Windows-Treiberpaket - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) (HKLM\...\7C9678A21221D0575C74AF7CE68E28C2771F9E41) (Version: 12/02/2010 14.4.2.2 - Broadcom) Windows-Treiberpaket - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) (HKLM\...\110E24F054DE5F4F72985BC1F3A53F61985BD4CC) (Version: 04/06/2011 5.100.198.22 - Broadcom) Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) (HKLM\...\26D089A9557429904D9851293EA25C911B64CCF8) (Version: 01/18/2011 1.0.0.220 - Broadcom Corporation) Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) (HKLM\...\43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C) (Version: 12/03/2010 6.6001.1.30 - Cirrus Logic, Inc.) Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel) Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel) Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel) Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel) Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel) Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel) Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an 
entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-11-2014 08:29:26 Geplanter Prüfpunkt 19-11-2014 15:04:01 Geplanter Prüfpunkt 26-11-2014 16:00:54 Geplanter Prüfpunkt 04-12-2014 08:14:12 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {12BAB1A5-1EB6-45AA-A226-52F7459B5E1A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {32D4EB2F-2EF2-4121-9BF0-E38C3D6F86FD} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) Task: {3FC83ABB-AA75-4B0B-9280-FDCDD3FD683A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {67092A29-948D-4651-936E-02FDBF3FA21D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {7EFFB48D-3FA5-49F3-96CC-37BEC147EC2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) 
Task: {8012F1F1-1F80-4931-83F3-9AB2A06556C8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-10-22] (TuneUp Software) Task: {8E9DBE63-B434-4B87-810C-1A05E75FB915} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: {BF8F378C-AB0E-49B4-ACD9-5F771B96C7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {C51C24AF-8723-437C-997A-4355535C88C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {CA4C5456-E246-4CC8-90EC-BC33BEF6B828} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH) Task: {D01842B3-88C1-4C3B-8309-67E069B54BAE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {FC046732-0ED4-4793-9F7B-7932FD3342F4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-04-16] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-19 17:59 - 2011-12-19 17:59 - 00071496 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2012-09-01 16:29 - 2010-03-16 00:04 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft 
Shared\OFFICE14\Cultures\OFFICE.ODF 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll 2012-09-01 16:28 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Windows\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Windows\system32\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Windows\system32\Drivers\.DS_Store:AFP_AfpInfo ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2383648940-101104340-1764069913-500 - Administrator - Disabled) DSG_01 (S-1-5-21-2383648940-101104340-1764069913-1000 - Administrator - Enabled) => C:\Users\DSG_01 Gast (S-1-5-21-2383648940-101104340-1764069913-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2383648940-101104340-1764069913-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/04/2014 06:01:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: cmdagent.exe, Version: 5.10.31649.2253, Zeitstempel: 0x4f5d0f92 Name des fehlerhaften Moduls: unarch.cav, Version: 5.9.23139.2195, Zeitstempel: 0x4eef87da Ausnahmecode: 0xc0000417 Fehleroffset: 0x0000000000056a18 ID des fehlerhaften Prozesses: 0x394 Startzeit der fehlerhaften Anwendung: 0xcmdagent.exe0 Pfad der fehlerhaften Anwendung: cmdagent.exe1 Pfad des fehlerhaften Moduls: cmdagent.exe2 Berichtskennung: cmdagent.exe3 Error: (12/03/2014 06:00:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: cmdagent.exe, Version: 5.10.31649.2253, Zeitstempel: 0x4f5d0f92 Name des fehlerhaften Moduls: unarch.cav, Version: 5.9.23139.2195, Zeitstempel: 0x4eef87da Ausnahmecode: 0xc0000417 Fehleroffset: 0x0000000000056a18 ID des fehlerhaften Prozesses: 0x360 Startzeit der fehlerhaften Anwendung: 0xcmdagent.exe0 Pfad der fehlerhaften Anwendung: cmdagent.exe1 Pfad des fehlerhaften Moduls: cmdagent.exe2 Berichtskennung: cmdagent.exe3 Error: (11/30/2014 09:13:24 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" 
nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (11/28/2014 10:16:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesApp64.exe, Version: 12.0.3600.151, Zeitstempel: 0x52668d99 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004a9070 ID des fehlerhaften Prozesses: 0xa7c Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesApp64.exe0 Pfad der fehlerhaften Anwendung: TuneUpUtilitiesApp64.exe1 Pfad des fehlerhaften Moduls: TuneUpUtilitiesApp64.exe2 Berichtskennung: TuneUpUtilitiesApp64.exe3 Error: (11/24/2014 10:44:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2253981 Error: (11/24/2014 10:44:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2253981 Error: (11/24/2014 10:44:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/24/2014 08:18:46 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (11/19/2014 04:16:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 66B1.tmp, Version: 0.0.0.0, Zeitstempel: 0x545bdff6 Name des fehlerhaften Moduls: guard32.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4f5d0dd6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1000b1b2 ID des fehlerhaften Prozesses: 0x169c Startzeit der fehlerhaften Anwendung: 0x66B1.tmp0 Pfad der fehlerhaften Anwendung: 66B1.tmp1 Pfad des fehlerhaften Moduls: 66B1.tmp2 Berichtskennung: 66B1.tmp3 Error: (11/19/2014 00:05:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 8924.tmp, Version: 0.0.0.0, Zeitstempel: 0x545bdff6 Name des fehlerhaften Moduls: guard32.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4f5d0dd6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1000b1b2 ID des fehlerhaften Prozesses: 0x3f0 Startzeit der fehlerhaften Anwendung: 0x8924.tmp0 Pfad der fehlerhaften Anwendung: 8924.tmp1 Pfad des fehlerhaften Moduls: 8924.tmp2 Berichtskennung: 8924.tmp3 System errors: ============= Error: (12/04/2014 06:46:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024dffe fehlgeschlagen: Windows Update Setup Handler Error: (12/04/2014 06:31:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024dffe fehlgeschlagen: Windows Update Setup Handler Error: (12/04/2014 06:27:34 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 04.12.2014 um 18:26:17 unerwartet heruntergefahren. 
Error: (12/04/2014 06:17:58 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (12/04/2014 06:04:21 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {548E275F-0290-40E7-B454-738B0C61DE60} Error: (12/04/2014 03:12:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024dffe fehlgeschlagen: Windows Update Setup Handler Error: (12/04/2014 08:15:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024dffe fehlgeschlagen: Windows Update Setup Handler Error: (12/04/2014 08:11:29 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 03.12.2014 um 19:51:13 unerwartet heruntergefahren. Error: (12/03/2014 07:49:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (12/03/2014 07:46:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. 
Microsoft Office Sessions: ========================= Error: (12/04/2014 06:01:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: cmdagent.exe5.10.31649.22534f5d0f92unarch.cav5.9.23139.21954eef87dac00004170000000000056a1839401d00fcbe2823d82C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\Program Files\COMODO\COMODO Internet Security\scanners\unarch.cav3b722f38-7bd7-11e4-8e27-0023dfff3813 Error: (12/03/2014 06:00:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: cmdagent.exe5.10.31649.22534f5d0f92unarch.cav5.9.23139.21954eef87dac00004170000000000056a1836001d00f01b9e4beb7C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\Program Files\COMODO\COMODO Internet Security\scanners\unarch.cave03040be-7b0d-11e4-923b-0023dfff3813 Error: (11/30/2014 09:13:24 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (11/28/2014 10:16:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TuneUpUtilitiesApp64.exe12.0.3600.15152668d99unknown0.0.0.000000000c000000500000000004a9070a7c01d00aebf968243eC:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exeunknown3b359218-76df-11e4-912d-0023dfff3813 Error: (11/24/2014 10:44:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2253981 Error: (11/24/2014 10:44:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2253981 Error: (11/24/2014 10:44:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/24/2014 08:18:46 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. 
Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (11/19/2014 04:16:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 66B1.tmp0.0.0.0545bdff6guard32.dll_unloaded0.0.0.04f5d0dd6c00000051000b1b2169c01d004087a750201C:\Users\DSG_01\AppData\Local\Temp\66B1.tmpguard32.dll008a79dd-6fff-11e4-8980-0023dfff3813 Error: (11/19/2014 00:05:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 8924.tmp0.0.0.0545bdff6guard32.dll_unloaded0.0.0.04f5d0dd6c00000051000b1b23f001d003e85516ac47C:\Users\DSG_01\AppData\Local\Temp\8924.tmpguard32.dll057a2f44-6fdc-11e4-8f35-0023dfff3813 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz Percentage of memory in use: 48% Total physical RAM: 4085.91 MB Available physical RAM: 2105.95 MB Total Pagefile: 8169.99 MB Available Pagefile: 5626.93 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (BOOTCAMP) (Fixed) (Total:791.01 GB) (Free:702.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E10FADD8) Partition: GPT Partition Type. Partition 2: (Not Active) - (Size=139.7 GB) - (Type=AF) Partition 3: (Not Active) - (Size=620 MB) - (Type=AB) Partition 4: (Active) - (Size=791 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
05.12.2014, 16:52 | #9 |
/// the machine /// TB trainer | Win7: Email is sending spam mails Change the password of the mail account. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.12.2014, 18:01 | #10 |
| Win7: Email is sending spam mails Mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.12.2014 Suchlauf-Zeit: 17:20:01 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.05.07 Rootkit Datenbank: v2014.12.03.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: DSG_01 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 326731 Verstrichene Zeit: 10 Min, 56 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 PUP.Optional.OpenCandy, C:\Users\DSG_01\AppData\Roaming\OpenCandy, In Quarantäne, [d8632738adcf280ed24a150014ef12ee], PUP.Optional.OpenCandy, C:\Users\DSG_01\AppData\Roaming\OpenCandy\1C088143AD374B3FA05D949248246DE2, In Quarantäne, [d8632738adcf280ed24a150014ef12ee], Dateien: 1 PUP.Optional.OpenCandy, C:\Users\DSG_01\AppData\Roaming\OpenCandy\1C088143AD374B3FA05D949248246DE2\TuneUpUtilities2012_de-DE.exe, In Quarantäne, [d8632738adcf280ed24a150014ef12ee], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.104 - Bericht erstellt am 05/12/2014 um 17:43:24 # Aktualisiert 05/12/2014 von Xplode # Database : 2014-12-03.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : DSG_01 - DSG_01-PC # Gestartet von : C:\Users\DSG_01\Downloads\AdwCleaner_4.104.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\DSG_01\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17239 -\\ Mozilla Firefox v34.0 (x86 de) -\\ Google Chrome v39.0.2171.71 [C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://eu.wowarmory.com/search.xml?searchQuery={searchTerms}&searchType=all ************************* AdwCleaner[R0].txt - [1645 octets] - [05/12/2014 17:41:08] AdwCleaner[S0].txt - [1562 octets] - [05/12/2014 17:43:24] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1622 octets] ########## [/CODE] JRT JRT Logfile: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by DSG_01 on 05.12.2014 at 17:48:50,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\DSG_01\AppData\Roaming\mozilla\firefox\profiles\8898exns.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.12.2014 at 17:53:01,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014 Ran by DSG_01 (administrator) on DSG_01-PC on 05-12-2014 17:55:17 Running from C:\Users\DSG_01\Desktop Loaded Profile: DSG_01 (Available profiles: DSG_01) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9569096 2012-03-11] (COMODO) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.) AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [389840 2012-03-11] (COMODO) AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301224 2012-03-11] (COMODO) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSPrintUser.lnk ShortcutTarget: TSPrintUser.lnk -> C:\Program Files (x86)\TerminalWorks\TSPrint\TSPrintUser.exe (TerminalWorks Ltd.) Startup: C:\Users\DSG_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe () Startup: C:\Users\DSG_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x794E4A265588CD01 HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> DefaultScope {69EBF962-AEEE-4404-A9FC-A0368F0BE7F7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {3E47E648-163F-41C9-BA8D-B126C0CE87A8} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {69EBF962-AEEE-4404-A9FC-A0368F0BE7F7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {9FC7C048-04F4-42A6-8501-5E5A76F9A228} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {CDA413A4-F7C1-469E-9836-B4A65E42A51F} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\DSG_01\AppData\Roaming\Mozilla\Firefox\Profiles\8898exns.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (Google Wallet) - C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2815496 2012-03-11] (COMODO) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.) 
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-10-22] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22696 2012-03-11] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [577824 2012-03-11] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43248 2012-03-11] (COMODO) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-01] (DT Soft Ltd) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [93200 2012-02-03] (COMODO) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-09-01] (Duplex Secure Ltd.) 
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-05 17:55 - 2014-12-05 17:55 - 00015185 _____ () C:\Users\DSG_01\Desktop\FRST.txt 2014-12-05 17:48 - 2014-12-05 17:48 - 00000000 ____D () C:\Windows\ERUNT 2014-12-05 17:47 - 2014-12-05 17:47 - 01707646 _____ (Thisisu) C:\Users\DSG_01\Desktop\JRT.exe 2014-12-05 17:40 - 2014-12-05 17:43 - 00000000 ____D () C:\AdwCleaner 2014-12-05 17:40 - 2014-12-05 17:40 - 02153472 _____ () C:\Users\DSG_01\Downloads\AdwCleaner_4.104.exe 2014-12-05 17:40 - 2014-12-05 17:40 - 00000055 _____ () C:\AdwCleanerDebug.txt 2014-12-05 17:19 - 2014-12-05 17:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-05 17:18 - 2014-12-05 17:18 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-05 17:18 - 2014-12-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-05 17:18 - 2014-12-05 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-05 17:18 - 2014-12-05 17:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-05 17:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-05 17:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-05 17:18 - 2014-11-21 06:14 - 00025816 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-05 17:17 - 2014-12-05 17:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\DSG_01\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-04 20:02 - 2014-12-04 20:02 - 00458336 _____ () C:\Windows\Minidump\120414-15178-01.dmp 2014-12-04 18:49 - 2014-12-04 18:49 - 00380416 _____ () C:\Users\DSG_01\Downloads\6sxxj7rx.exe 2014-12-04 18:47 - 2014-12-04 18:48 - 00029067 _____ () C:\Users\DSG_01\Downloads\Addition.txt 2014-12-04 18:46 - 2014-12-05 17:55 - 00000000 ____D () C:\FRST 2014-12-04 18:46 - 2014-12-04 18:48 - 00021859 _____ () C:\Users\DSG_01\Downloads\FRST.txt 2014-12-04 18:45 - 2014-12-04 18:45 - 02117632 _____ (Farbar) C:\Users\DSG_01\Desktop\FRST64.exe 2014-12-04 18:42 - 2014-12-04 18:42 - 00000584 _____ () C:\Users\DSG_01\Downloads\defogger_disable.log 2014-12-04 18:42 - 2014-12-04 18:42 - 00000020 _____ () C:\Users\DSG_01\defogger_reenable 2014-12-04 18:41 - 2014-12-04 18:41 - 00050477 _____ () C:\Users\DSG_01\Downloads\Defogger.exe 2014-12-04 18:40 - 2014-12-05 17:54 - 00000000 ____D () C:\Users\DSG_01\Desktop\Antivir-Sachen 2014-12-04 18:35 - 2014-12-04 18:35 - 05600479 _____ (Swearware) C:\Users\DSG_01\Downloads\ComboFix.exe 2014-12-02 17:52 - 2014-12-02 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2014-11-28 13:56 - 2014-11-28 13:56 - 00000000 ____D () C:\ProgramData\UUdb 2014-11-27 18:05 - 2014-11-27 18:05 - 03377971 _____ () C:\Users\DSG_01\Desktop\IMG_4784.MOV 2014-11-26 18:25 - 2014-11-26 18:25 - 00010833 _____ () C:\Users\DSG_01\Desktop\Weihnachtsmarkt Stundenzettel.xlsx 2014-11-18 08:55 - 2014-11-18 08:55 - 00000196 _____ () 
C:\Users\DSG_01\AppData\Roaming\ms3586283.bat 2014-11-18 08:54 - 2014-11-18 08:54 - 00000230 _____ () C:\Users\DSG_01\AppData\Roaming\ms478354.bat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-05 17:54 - 2012-09-01 16:05 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat 2014-12-05 17:54 - 2012-09-01 13:36 - 01940185 _____ () C:\Windows\WindowsUpdate.log 2014-12-05 17:52 - 2009-07-14 05:45 - 00022432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-05 17:52 - 2009-07-14 05:45 - 00022432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-05 17:45 - 2012-09-10 15:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-05 17:45 - 2012-09-10 12:49 - 00000000 ____D () C:\Users\DSG_01\Documents\Outlook-Dateien 2014-12-05 17:44 - 2012-09-07 10:44 - 00017294 _____ () C:\Windows\PFRO.log 2014-12-05 17:44 - 2012-09-02 14:31 - 00066570 _____ () C:\Windows\setupact.log 2014-12-05 17:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-05 17:34 - 2012-09-10 15:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-05 17:32 - 2009-07-14 05:45 - 00342848 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-05 17:15 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\Kiosk 2014-12-05 17:10 - 2012-09-01 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-04 20:02 - 2014-04-05 16:11 - 501348229 _____ () C:\Windows\MEMORY.DMP 2014-12-04 20:02 - 2014-04-05 16:11 - 00000000 ____D () C:\Windows\Minidump 2014-12-04 18:42 - 2012-09-01 13:36 - 00000000 ____D () C:\Users\DSG_01 2014-12-04 17:25 - 2014-08-19 17:08 - 00000000 ____D () C:\Users\DSG_01\Desktop\X 2014-12-03 12:06 - 2012-12-08 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla 
Maintenance Service 2014-12-03 08:50 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\XX 2014-12-03 08:50 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\XX 2014-12-03 08:49 - 2014-08-31 16:15 - 00000000 ____D () C:\Users\DSG_01\Desktop\XX 2014-12-03 08:49 - 2014-08-26 16:57 - 00000000 ____D () C:\Users\DSG_01\Desktop\XX Angebote 2014-11-28 13:56 - 2014-03-04 12:26 - 00003876 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2014-11-28 13:56 - 2014-03-04 12:26 - 00001968 _____ () C:\Users\DSG_01\Desktop\WEB.DE.lnk 2014-11-28 13:56 - 2014-03-04 12:26 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2014-11-27 16:11 - 2009-07-14 18:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-11-27 16:11 - 2009-07-14 18:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-11-27 16:11 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-26 12:10 - 2012-09-01 17:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 12:10 - 2012-09-01 17:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-26 12:10 - 2012-09-01 17:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-24 15:48 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\Muddan Privat 2014-11-18 20:25 - 2014-08-06 17:12 - 00000000 ____D () C:\ProgramData\Netzmanager 2014-11-17 19:46 - 2014-08-24 09:27 - 00790528 _____ () C:\Users\DSG_01\Desktop\Reisekostentabelle 2014 x.xls 2014-11-17 19:32 - 2014-08-24 09:22 - 00791552 _____ () C:\Users\DSG_01\Desktop\Reisekostentabelle 2014 x.xls 2014-11-17 17:42 - 2014-08-13 16:25 - 00000000 ____D () C:\Users\DSG_01\AppData\Local\Deployment 2014-11-13 08:29 - 2012-09-10 15:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-13 08:29 - 2012-09-10 15:03 - 00003854 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\Users\DSG_01\jagex_cl_runescape_LIVE.dat C:\Users\DSG_01\random.dat Some content of TEMP: ==================== C:\Users\DSG_01\AppData\Local\Temp\Quarantine.exe C:\Users\DSG_01\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 09:59 ==================== End Of Log ============================ --- --- --- --- --- --- [/CODE] |
06.12.2014, 16:24 | #11 |
/// the machine /// TB-Ausbilder | Win7: Email sends spam mails
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.12.2014, 16:21 | #12 |
| Win7: Email sends spam mails Thank you very much! I will do all of this tomorrow from 17:00 onwards. Unfortunately I am not near the computer at the moment, just for your information. :-) |
08.12.2014, 14:54 | #13 |
/// the machine /// TB-Ausbilder | Win7: Email sends spam mails ok
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.12.2014, 18:25 | #14 |
| Win7: Email sends spam mails Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=da58a01cd438494b9205cdca82474831
# engine=21455
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-08 05:11:31
# local_time=2014-12-08 06:11:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 100 4745 93748311 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 44591921 169688541 0 0
# scanned=185903
# found=0
# cleaned=0
# scan_time=2617
Code:
Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2012
TuneUp Utilities Language Pack (de-DE)
Java 7 Update 51
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.239
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (34.0)
Google Chrome (39.0.2171.65)
Google Chrome (39.0.2171.71)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02 Ran by DSG_01 (administrator) on DSG_01-PC on 08-12-2014 18:20:58 Running from C:\Users\DSG_01\Desktop\Antivir-Sachen Loaded Profile: DSG_01 (Available profiles: DSG_01) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9569096 2012-03-11] (COMODO) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.) 
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [389840 2012-03-11] (COMODO) AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301224 2012-03-11] (COMODO) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSPrintUser.lnk ShortcutTarget: TSPrintUser.lnk -> C:\Program Files (x86)\TerminalWorks\TSPrint\TSPrintUser.exe (TerminalWorks Ltd.) Startup: C:\Users\DSG_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe () Startup: C:\Users\DSG_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2383648940-101104340-1764069913-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x794E4A265588CD01 HKU\S-1-5-21-2383648940-101104340-1764069913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> DefaultScope {69EBF962-AEEE-4404-A9FC-A0368F0BE7F7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {3E47E648-163F-41C9-BA8D-B126C0CE87A8} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {69EBF962-AEEE-4404-A9FC-A0368F0BE7F7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {9FC7C048-04F4-42A6-8501-5E5A76F9A228} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-2383648940-101104340-1764069913-1000 -> {CDA413A4-F7C1-469E-9836-B4A65E42A51F} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\DSG_01\AppData\Roaming\Mozilla\Firefox\Profiles\8898exns.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (Google Wallet) - C:\Users\DSG_01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2815496 2012-03-11] (COMODO) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-10-22] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22696 2012-03-11] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [577824 2012-03-11] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43248 2012-03-11] (COMODO) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-01] (DT Soft Ltd) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [93200 2012-02-03] (COMODO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-09-01] (Duplex Secure Ltd.) 
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-08 18:14 - 2014-12-08 18:14 - 00852490 _____ () C:\Users\DSG_01\Desktop\SecurityCheck.exe 2014-12-08 17:26 - 2014-12-08 17:26 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-08 17:25 - 2014-12-08 17:25 - 02347384 _____ (ESET) C:\Users\DSG_01\Downloads\esetsmartinstaller_deu.exe 2014-12-05 17:48 - 2014-12-05 17:48 - 00000000 ____D () C:\Windows\ERUNT 2014-12-05 17:40 - 2014-12-05 17:58 - 00000000 ____D () C:\AdwCleaner 2014-12-05 17:40 - 2014-12-05 17:40 - 02153472 _____ () C:\Users\DSG_01\Downloads\AdwCleaner_4.104.exe 2014-12-05 17:40 - 2014-12-05 17:40 - 00000055 _____ () C:\AdwCleanerDebug.txt 2014-12-05 17:19 - 2014-12-08 17:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-05 17:18 - 2014-12-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-05 17:18 - 2014-12-05 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-05 17:18 - 2014-12-05 17:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-05 17:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-05 17:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-05 17:18 - 2014-11-21 06:14 - 00025816 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-05 17:17 - 2014-12-05 17:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\DSG_01\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-04 20:02 - 2014-12-04 20:02 - 00458336 _____ () C:\Windows\Minidump\120414-15178-01.dmp 2014-12-04 18:49 - 2014-12-04 18:49 - 00380416 _____ () C:\Users\DSG_01\Downloads\6sxxj7rx.exe 2014-12-04 18:47 - 2014-12-04 18:48 - 00029067 _____ () C:\Users\DSG_01\Downloads\Addition.txt 2014-12-04 18:46 - 2014-12-08 18:21 - 00000000 ____D () C:\FRST 2014-12-04 18:46 - 2014-12-04 18:48 - 00021859 _____ () C:\Users\DSG_01\Downloads\FRST.txt 2014-12-04 18:42 - 2014-12-04 18:42 - 00000584 _____ () C:\Users\DSG_01\Downloads\defogger_disable.log 2014-12-04 18:42 - 2014-12-04 18:42 - 00000020 _____ () C:\Users\DSG_01\defogger_reenable 2014-12-04 18:41 - 2014-12-04 18:41 - 00050477 _____ () C:\Users\DSG_01\Downloads\Defogger.exe 2014-12-04 18:40 - 2014-12-08 18:20 - 00000000 ____D () C:\Users\DSG_01\Desktop\Antivir-Sachen 2014-12-04 18:35 - 2014-12-04 18:35 - 05600479 _____ (Swearware) C:\Users\DSG_01\Downloads\ComboFix.exe 2014-12-02 17:52 - 2014-12-02 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2014-11-28 14:07 - 2014-11-28 14:07 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2014-11-28 13:56 - 2014-11-28 13:56 - 00000000 ____D () C:\ProgramData\UUdb 2014-11-27 18:05 - 2014-11-27 18:05 - 03377971 _____ () C:\Users\DSG_01\Desktop\IMG_4784.MOV 2014-11-26 18:25 - 2014-11-26 18:25 - 00010833 _____ () C:\Users\DSG_01\Desktop\Weihnachtsmarkt Stundenzettel.xlsx 2014-11-18 08:55 - 2014-11-18 08:55 - 00000196 _____ () C:\Users\DSG_01\AppData\Roaming\ms3586283.bat 2014-11-18 08:54 - 2014-11-18 08:54 - 00000230 _____ () 
C:\Users\DSG_01\AppData\Roaming\ms478354.bat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-08 18:10 - 2012-09-01 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-08 17:34 - 2012-09-10 15:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-08 17:21 - 2012-09-01 16:05 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat 2014-12-08 17:14 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\Kiosk 2014-12-08 16:56 - 2012-09-10 12:49 - 00000000 ____D () C:\Users\DSG_01\Documents\Outlook-Dateien 2014-12-08 15:20 - 2009-07-14 05:45 - 00022432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-08 15:20 - 2009-07-14 05:45 - 00022432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-08 15:16 - 2012-09-01 13:36 - 01966171 _____ () C:\Windows\WindowsUpdate.log 2014-12-08 15:12 - 2012-09-10 15:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-08 15:12 - 2012-09-02 14:31 - 00066682 _____ () C:\Windows\setupact.log 2014-12-08 15:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-08 08:13 - 2009-07-14 05:45 - 00342848 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-05 17:44 - 2012-09-07 10:44 - 00017294 _____ () C:\Windows\PFRO.log 2014-12-04 20:02 - 2014-04-05 16:11 - 501348229 _____ () C:\Windows\MEMORY.DMP 2014-12-04 20:02 - 2014-04-05 16:11 - 00000000 ____D () C:\Windows\Minidump 2014-12-04 18:42 - 2012-09-01 13:36 - 00000000 ____D () C:\Users\DSG_01 2014-12-04 17:25 - 2014-08-19 17:08 - 00000000 ____D () C:\Users\DSG_01\Desktop\Djole 2014-12-03 12:06 - 2012-12-08 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-03 08:50 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\DSJ 
2014-12-03 08:50 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\DSA 2014-12-03 08:49 - 2014-08-31 16:15 - 00000000 ____D () C:\Users\DSG_01\Desktop\Rg DSA 2014-12-03 08:49 - 2014-08-26 16:57 - 00000000 ____D () C:\Users\DSG_01\Desktop\DSA Angebote 2014-11-28 13:56 - 2014-03-04 12:26 - 00003876 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2014-11-28 13:56 - 2014-03-04 12:26 - 00001968 _____ () C:\Users\DSG_01\Desktop\WEB.DE.lnk 2014-11-28 13:56 - 2014-03-04 12:26 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2014-11-27 16:11 - 2009-07-14 18:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-11-27 16:11 - 2009-07-14 18:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-11-27 16:11 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-26 12:10 - 2012-09-01 17:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 12:10 - 2012-09-01 17:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-26 12:10 - 2012-09-01 17:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-24 15:48 - 2014-08-19 16:45 - 00000000 ____D () C:\Users\DSG_01\Desktop\Muddan Privat 2014-11-18 20:25 - 2014-08-06 17:12 - 00000000 ____D () C:\ProgramData\Netzmanager 2014-11-17 19:46 - 2014-08-24 09:27 - 00790528 _____ () C:\Users\DSG_01\Desktop\Reisekostentabelle 2014 HH-HR 978.xls 2014-11-17 19:32 - 2014-08-24 09:22 - 00791552 _____ () C:\Users\DSG_01\Desktop\Reisekostentabelle 2014 HH-HR 1978.xls 2014-11-17 17:42 - 2014-08-13 16:25 - 00000000 ____D () C:\Users\DSG_01\AppData\Local\Deployment 2014-11-13 08:29 - 2012-09-10 15:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-13 08:29 - 2012-09-10 15:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== 
C:\Users\DSG_01\jagex_cl_runescape_LIVE.dat C:\Users\DSG_01\random.dat Some content of TEMP: ==================== C:\Users\DSG_01\AppData\Local\Temp\Quarantine.exe C:\Users\DSG_01\AppData\Local\Temp\sqlite3.dll C:\Users\DSG_01\AppData\Local\Temp\webde_onlinespeicher_setup_a201412.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 09:59 ==================== End Of Log ============================ --- --- --- [/CODE] Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02 Ran by DSG_01 at 2014-12-08 18:22:10 Running from C:\Users\DSG_01\Desktop\Antivir-Sachen Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {458BB331-2324-0753-3D5F-1472EB102AC0} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.25.0 - Brother Industries, Ltd.) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) CMS (HKLM-x32\...\CMS) (Version: - ) COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.) 
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd) DiskPlayer (HKLM-x32\...\DiskPlayer1.0) (Version: 1.0 - ) DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle) KingBill-ONLINE (HKU\S-1-5-21-2383648940-101104340-1764069913-1000\...\690feb82fd2d4d2e) (Version: 1.0.0.7 - KingBill GmbH) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation) Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - ) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG) Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) Player (HKLM-x32\...\Player) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) SafeGuard® PrivateCrypto 2.31.1 (HKLM-x32\...\{9CB59E92-98BB-4BE9-9CA2-66FD929EB57A}) (Version: 2.31.1.2 - Utimaco Safeware AG - a member of the Sophos Group) Scansoft PDF Professional (x32 Version: - ) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) TSPrint Client (HKLM-x32\...\{11E91AF3-0B2A-4FE5-9D2F-CC3EDF2C0EBE}_is1) (Version: 1.9.10.0 - TerminalWorks, Inc.) TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.151 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3600.151 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.151 - TuneUp Software) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) 
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version: - Microsoft Corporation) WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH) WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH) Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\2CD6536AAFFF9B465A871060CF483EC9F3341D29) (Version: 06/27/2007 2.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (HKLM\...\0B6B49213CF56838AFC233905FA14AC47EAA9B28) (Version: 10/05/2010 3.2.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\70C7CBB0824BF74552A2F28F5FFBF62A15053DA8) (Version: 10/25/2007 2.0.1.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. 
Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8) (Version: 05/05/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\455287ECCB4BABCDE9C6713B82B1BDA990D55398) (Version: 05/05/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\F08FFCF5C857951E0CC5F736988F3D01BF425252) (Version: 05/05/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (HKLM\...\D76172B51B1ECB34E38F97F42F51B7A46FA15F52) (Version: 04/05/2011 3.2.0.8 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0A897639A1D288A8B472FE790EBF9DB71E52ACF) (Version: 07/13/2009 3.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\76830D11874044260C923425E7F5A72F25EDA758) (Version: 07/13/2009 3.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (HKLM\...\C7DD621795A42EAE550280D4D7601459F35C4EC2) (Version: 01/17/2011 3.2.0.0 - Apple Inc.) Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.) 
Windows-Treiberpaket - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) (HKLM\...\7C9678A21221D0575C74AF7CE68E28C2771F9E41) (Version: 12/02/2010 14.4.2.2 - Broadcom) Windows-Treiberpaket - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) (HKLM\...\110E24F054DE5F4F72985BC1F3A53F61985BD4CC) (Version: 04/06/2011 5.100.198.22 - Broadcom) Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) (HKLM\...\26D089A9557429904D9851293EA25C911B64CCF8) (Version: 01/18/2011 1.0.0.220 - Broadcom Corporation) Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) (HKLM\...\43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C) (Version: 12/03/2010 6.6001.1.30 - Cirrus Logic, Inc.) Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel) Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel) Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel) Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel) Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel) Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel) Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an 
entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-11-2014 08:29:26 Geplanter Prüfpunkt 19-11-2014 15:04:01 Geplanter Prüfpunkt 26-11-2014 16:00:54 Geplanter Prüfpunkt 04-12-2014 08:14:12 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {12BAB1A5-1EB6-45AA-A226-52F7459B5E1A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {32D4EB2F-2EF2-4121-9BF0-E38C3D6F86FD} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) Task: {3FC83ABB-AA75-4B0B-9280-FDCDD3FD683A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {67092A29-948D-4651-936E-02FDBF3FA21D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {7EFFB48D-3FA5-49F3-96CC-37BEC147EC2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) 
Task: {8012F1F1-1F80-4931-83F3-9AB2A06556C8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-10-22] (TuneUp Software) Task: {8E9DBE63-B434-4B87-810C-1A05E75FB915} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: {BF8F378C-AB0E-49B4-ACD9-5F771B96C7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {C51C24AF-8723-437C-997A-4355535C88C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {CA4C5456-E246-4CC8-90EC-BC33BEF6B828} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH) Task: {D01842B3-88C1-4C3B-8309-67E069B54BAE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {FC046732-0ED4-4793-9F7B-7932FD3342F4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-04-16] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-19 17:59 - 2011-12-19 17:59 - 00071496 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2012-09-01 16:29 - 2010-03-16 00:04 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft 
Shared\OFFICE14\Cultures\OFFICE.ODF 2012-09-01 16:03 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll 2012-09-01 16:28 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll 2014-11-26 15:36 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Windows\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Windows\system32\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Windows\system32\Drivers\.DS_Store:AFP_AfpInfo ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2383648940-101104340-1764069913-500 - Administrator - Disabled) DSG_01 (S-1-5-21-2383648940-101104340-1764069913-1000 - Administrator - Enabled) => C:\Users\DSG_01 Gast (S-1-5-21-2383648940-101104340-1764069913-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2383648940-101104340-1764069913-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/08/2014 06:14:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (12/08/2014 06:12:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/08/2014 05:25:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/08/2014 05:25:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/08/2014 08:23:25 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" System errors: ============= Error: (12/08/2014 03:16:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024dffe fehlgeschlagen: Windows Update Setup Handler Error: (12/08/2014 08:16:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024dffe fehlgeschlagen: Windows Update Setup Handler Error: (12/05/2014 05:54:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024dffe fehlgeschlagen: Windows Update Setup Handler Microsoft Office Sessions: ========================= Error: (12/08/2014 06:14:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DSG_01\Downloads\esetsmartinstaller_deu.exe Error: (12/08/2014 06:12:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/08/2014 05:25:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DSG_01\Downloads\esetsmartinstaller_deu.exe Error: (12/08/2014 05:25:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DSG_01\Downloads\esetsmartinstaller_deu.exe Error: (12/08/2014 08:23:25 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz Percentage of memory in use: 55% Total physical RAM: 4085.91 MB Available physical RAM: 1824.21 MB Total Pagefile: 8169.99 MB Available Pagefile: 5290.81 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (BOOTCAMP) (Fixed) (Total:791.01 GB) (Free:700.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E10FADD8) Partition: GPT Partition Type. Partition 2: (Not Active) - (Size=139.7 GB) - (Type=AF) Partition 3: (Not Active) - (Size=620 MB) - (Type=AB) Partition 4: (Active) - (Size=791 GB) - (Type=07 NTFS) ==================== End Of Log ============================
I don't know whether there are still any problems .. |
09.12.2014, 12:08 | #15 |
/// the machine /// TB Trainer | Win7: Email sends spam mails
Update Java and Adobe. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\DSG_01\jagex_cl_runescape_LIVE.dat
C:\Users\DSG_01\random.dat
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |